aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2005-06-21 18:39:22 -0400
committerDavid S. Miller <davem@davemloft.net>2005-06-21 18:39:22 -0400
commit8005aba69a6440a535a4cc2aed99ffca580847e0 (patch)
treed15f836f483ec374751fd9eda4a4f7a8b816eff5
parent1d345dac1f30af1cd9f3a1faa12f9f18f17f236e (diff)
[SPARC64]: Fix cmsg length checks in Solaris emulation layer.
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--arch/sparc64/solaris/socket.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/arch/sparc64/solaris/socket.c b/arch/sparc64/solaris/socket.c
index ec8e074c4eac..06740582717e 100644
--- a/arch/sparc64/solaris/socket.c
+++ b/arch/sparc64/solaris/socket.c
@@ -317,8 +317,10 @@ asmlinkage int solaris_sendmsg(int fd, struct sol_nmsghdr __user *user_msg, unsi
317 unsigned long *kcmsg; 317 unsigned long *kcmsg;
318 compat_size_t cmlen; 318 compat_size_t cmlen;
319 319
320 if(kern_msg.msg_controllen > sizeof(ctl) && 320 if (kern_msg.msg_controllen <= sizeof(compat_size_t))
321 kern_msg.msg_controllen <= 256) { 321 return -EINVAL;
322
323 if(kern_msg.msg_controllen > sizeof(ctl)) {
322 err = -ENOBUFS; 324 err = -ENOBUFS;
323 ctl_buf = kmalloc(kern_msg.msg_controllen, GFP_KERNEL); 325 ctl_buf = kmalloc(kern_msg.msg_controllen, GFP_KERNEL);
324 if(!ctl_buf) 326 if(!ctl_buf)