aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid L Stevens <dlstevens@us.ibm.com>2008-04-29 06:23:00 -0400
committerDavid S. Miller <davem@davemloft.net>2008-04-29 06:23:00 -0400
commitbe666e0a1345ed80f29cb30c73da0ec2ea5c5863 (patch)
tree46a29aa49e2357a3c1c69a39d9789a16c568fe9d
parent2ad17defd596ca7e8ba782d5fc6950ee0e99513c (diff)
net: Several cleanups for the setsockopt compat support.
1) added missing "__user" for kgsr and kgf pointers 2) verify read for only GROUP_FILTER_SIZE(0). The group_filter structure definition (via RFC) includes space for one source in the source list array, but that source need not be present. So, sizeof(group_filter) > GROUP_FILTER_SIZE(0). Fixed the user read-check for minimum length to use the smaller size. 3) remove unneeded "&" for gf_slist addresses Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/compat.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/net/compat.c b/net/compat.c
index 01bf95d0832e..8146f654391c 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -548,6 +548,9 @@ struct compat_group_filter {
548 __attribute__ ((aligned(4))); 548 __attribute__ ((aligned(4)));
549} __attribute__ ((packed)); 549} __attribute__ ((packed));
550 550
551#define __COMPAT_GF0_SIZE (sizeof(struct compat_group_filter) - \
552 sizeof(struct __kernel_sockaddr_storage))
553
551 554
552int compat_mc_setsockopt(struct sock *sock, int level, int optname, 555int compat_mc_setsockopt(struct sock *sock, int level, int optname,
553 char __user *optval, int optlen, 556 char __user *optval, int optlen,
@@ -582,7 +585,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
582 case MCAST_UNBLOCK_SOURCE: 585 case MCAST_UNBLOCK_SOURCE:
583 { 586 {
584 struct compat_group_source_req __user *gsr32 = (void *)optval; 587 struct compat_group_source_req __user *gsr32 = (void *)optval;
585 struct group_source_req *kgsr = compat_alloc_user_space( 588 struct group_source_req __user *kgsr = compat_alloc_user_space(
586 sizeof(struct group_source_req)); 589 sizeof(struct group_source_req));
587 u32 interface; 590 u32 interface;
588 591
@@ -603,10 +606,10 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
603 case MCAST_MSFILTER: 606 case MCAST_MSFILTER:
604 { 607 {
605 struct compat_group_filter __user *gf32 = (void *)optval; 608 struct compat_group_filter __user *gf32 = (void *)optval;
606 struct group_filter *kgf; 609 struct group_filter __user *kgf;
607 u32 interface, fmode, numsrc; 610 u32 interface, fmode, numsrc;
608 611
609 if (!access_ok(VERIFY_READ, gf32, sizeof(*gf32)) || 612 if (!access_ok(VERIFY_READ, gf32, __COMPAT_GF0_SIZE) ||
610 __get_user(interface, &gf32->gf_interface) || 613 __get_user(interface, &gf32->gf_interface) ||
611 __get_user(fmode, &gf32->gf_fmode) || 614 __get_user(fmode, &gf32->gf_fmode) ||
612 __get_user(numsrc, &gf32->gf_numsrc)) 615 __get_user(numsrc, &gf32->gf_numsrc))
@@ -622,7 +625,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
622 __put_user(numsrc, &kgf->gf_numsrc) || 625 __put_user(numsrc, &kgf->gf_numsrc) ||
623 copy_in_user(&kgf->gf_group, &gf32->gf_group, 626 copy_in_user(&kgf->gf_group, &gf32->gf_group,
624 sizeof(kgf->gf_group)) || 627 sizeof(kgf->gf_group)) ||
625 (numsrc && copy_in_user(&kgf->gf_slist, &gf32->gf_slist, 628 (numsrc && copy_in_user(kgf->gf_slist, gf32->gf_slist,
626 numsrc * sizeof(kgf->gf_slist[0])))) 629 numsrc * sizeof(kgf->gf_slist[0]))))
627 return -EFAULT; 630 return -EFAULT;
628 koptval = (char __user *)kgf; 631 koptval = (char __user *)kgf;