diff options
author | David S. Miller <davem@davemloft.net> | 2005-06-21 18:39:22 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-06-21 18:39:22 -0400 |
commit | 8005aba69a6440a535a4cc2aed99ffca580847e0 (patch) | |
tree | d15f836f483ec374751fd9eda4a4f7a8b816eff5 | |
parent | 1d345dac1f30af1cd9f3a1faa12f9f18f17f236e (diff) |
[SPARC64]: Fix cmsg length checks in Solaris emulation layer.
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | arch/sparc64/solaris/socket.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/arch/sparc64/solaris/socket.c b/arch/sparc64/solaris/socket.c index ec8e074c4eac..06740582717e 100644 --- a/arch/sparc64/solaris/socket.c +++ b/arch/sparc64/solaris/socket.c | |||
@@ -317,8 +317,10 @@ asmlinkage int solaris_sendmsg(int fd, struct sol_nmsghdr __user *user_msg, unsi | |||
317 | unsigned long *kcmsg; | 317 | unsigned long *kcmsg; |
318 | compat_size_t cmlen; | 318 | compat_size_t cmlen; |
319 | 319 | ||
320 | if(kern_msg.msg_controllen > sizeof(ctl) && | 320 | if (kern_msg.msg_controllen <= sizeof(compat_size_t)) |
321 | kern_msg.msg_controllen <= 256) { | 321 | return -EINVAL; |
322 | |||
323 | if(kern_msg.msg_controllen > sizeof(ctl)) { | ||
322 | err = -ENOBUFS; | 324 | err = -ENOBUFS; |
323 | ctl_buf = kmalloc(kern_msg.msg_controllen, GFP_KERNEL); | 325 | ctl_buf = kmalloc(kern_msg.msg_controllen, GFP_KERNEL); |
324 | if(!ctl_buf) | 326 | if(!ctl_buf) |