aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGerrit Renker <gerrit@erg.abdn.ac.uk>2010-02-07 15:20:28 -0500
committerDavid S. Miller <davem@davemloft.net>2010-02-12 14:47:00 -0500
commit69a6a0b38a139ccceef32222108caca8a9b0b795 (patch)
tree04e24f2b012c14f33f5bc3d6f96f84056cf1fbbe
parent7455a76f170f794498d26081a5f15b797ef1a2aa (diff)
dccp: allow probing of CCID-array length
This fixes a problem in the DCCP getsockopt() API: currently there is no way for a user to a priori know the number of built-in CCIDs, other than trying DCCP_SOCKOPT_AVAILABLE_CCIDS in a loop, incrementing the option length until EINVAL is no longer returned. This patch truncates the array to the user-provided length. No copy is made when the length is <= 0. Due to the length restriction in do_dccp_getsockopt() to sizeof(int), the minimum array length remains 4, which is a reasonable default (only 3 CCIDs, CCID-2..4, are currently defined). Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--Documentation/networking/dccp.txt6
-rw-r--r--net/dccp/ccid.c9
2 files changed, 8 insertions, 7 deletions
diff --git a/Documentation/networking/dccp.txt b/Documentation/networking/dccp.txt
index b132e4a3cf0f..a62fdf7a6bff 100644
--- a/Documentation/networking/dccp.txt
+++ b/Documentation/networking/dccp.txt
@@ -58,8 +58,10 @@ DCCP_SOCKOPT_GET_CUR_MPS is read-only and retrieves the current maximum packet
58size (application payload size) in bytes, see RFC 4340, section 14. 58size (application payload size) in bytes, see RFC 4340, section 14.
59 59
60DCCP_SOCKOPT_AVAILABLE_CCIDS is also read-only and returns the list of CCIDs 60DCCP_SOCKOPT_AVAILABLE_CCIDS is also read-only and returns the list of CCIDs
61supported by the endpoint (see include/linux/dccp.h for symbolic constants). 61supported by the endpoint. The option value is an array of type uint8_t whose
62The caller needs to provide a sufficiently large (> 2) array of type uint8_t. 62size is passed as option length. The minimum array size is 4 elements, the
63value returned in the optlen argument always reflects the true number of
64built-in CCIDs.
63 65
64DCCP_SOCKOPT_CCID is write-only and sets both the TX and RX CCIDs at the same 66DCCP_SOCKOPT_CCID is write-only and sets both the TX and RX CCIDs at the same
65time, combining the operation of the next two socket options. This option is 67time, combining the operation of the next two socket options. This option is
diff --git a/net/dccp/ccid.c b/net/dccp/ccid.c
index ff16e9df1969..49d27c556bec 100644
--- a/net/dccp/ccid.c
+++ b/net/dccp/ccid.c
@@ -63,14 +63,13 @@ int ccid_getsockopt_builtin_ccids(struct sock *sk, int len,
63 u8 *ccid_array, array_len; 63 u8 *ccid_array, array_len;
64 int err = 0; 64 int err = 0;
65 65
66 if (len < ARRAY_SIZE(ccids))
67 return -EINVAL;
68
69 if (ccid_get_builtin_ccids(&ccid_array, &array_len)) 66 if (ccid_get_builtin_ccids(&ccid_array, &array_len))
70 return -ENOBUFS; 67 return -ENOBUFS;
71 68
72 if (put_user(array_len, optlen) || 69 if (put_user(array_len, optlen))
73 copy_to_user(optval, ccid_array, array_len)) 70 err = -EFAULT;
71 else if (len > 0 && copy_to_user(optval, ccid_array,
72 len > array_len ? array_len : len))
74 err = -EFAULT; 73 err = -EFAULT;
75 74
76 kfree(ccid_array); 75 kfree(ccid_array);