diff options
author | David L Stevens <dlstevens@us.ibm.com> | 2008-04-29 06:23:00 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-04-29 06:23:00 -0400 |
commit | be666e0a1345ed80f29cb30c73da0ec2ea5c5863 (patch) | |
tree | 46a29aa49e2357a3c1c69a39d9789a16c568fe9d | |
parent | 2ad17defd596ca7e8ba782d5fc6950ee0e99513c (diff) |
net: Several cleanups for the setsockopt compat support.
1) added missing "__user" for kgsr and kgf pointers
2) verify read for only GROUP_FILTER_SIZE(0). The group_filter
structure definition (via RFC) includes space for one source
in the source list array, but that source need not be present.
So, sizeof(group_filter) > GROUP_FILTER_SIZE(0). Fixed
the user read-check for minimum length to use the smaller size.
3) remove unneeded "&" for gf_slist addresses
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/compat.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/net/compat.c b/net/compat.c index 01bf95d0832e..8146f654391c 100644 --- a/net/compat.c +++ b/net/compat.c | |||
@@ -548,6 +548,9 @@ struct compat_group_filter { | |||
548 | __attribute__ ((aligned(4))); | 548 | __attribute__ ((aligned(4))); |
549 | } __attribute__ ((packed)); | 549 | } __attribute__ ((packed)); |
550 | 550 | ||
551 | #define __COMPAT_GF0_SIZE (sizeof(struct compat_group_filter) - \ | ||
552 | sizeof(struct __kernel_sockaddr_storage)) | ||
553 | |||
551 | 554 | ||
552 | int compat_mc_setsockopt(struct sock *sock, int level, int optname, | 555 | int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
553 | char __user *optval, int optlen, | 556 | char __user *optval, int optlen, |
@@ -582,7 +585,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, | |||
582 | case MCAST_UNBLOCK_SOURCE: | 585 | case MCAST_UNBLOCK_SOURCE: |
583 | { | 586 | { |
584 | struct compat_group_source_req __user *gsr32 = (void *)optval; | 587 | struct compat_group_source_req __user *gsr32 = (void *)optval; |
585 | struct group_source_req *kgsr = compat_alloc_user_space( | 588 | struct group_source_req __user *kgsr = compat_alloc_user_space( |
586 | sizeof(struct group_source_req)); | 589 | sizeof(struct group_source_req)); |
587 | u32 interface; | 590 | u32 interface; |
588 | 591 | ||
@@ -603,10 +606,10 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, | |||
603 | case MCAST_MSFILTER: | 606 | case MCAST_MSFILTER: |
604 | { | 607 | { |
605 | struct compat_group_filter __user *gf32 = (void *)optval; | 608 | struct compat_group_filter __user *gf32 = (void *)optval; |
606 | struct group_filter *kgf; | 609 | struct group_filter __user *kgf; |
607 | u32 interface, fmode, numsrc; | 610 | u32 interface, fmode, numsrc; |
608 | 611 | ||
609 | if (!access_ok(VERIFY_READ, gf32, sizeof(*gf32)) || | 612 | if (!access_ok(VERIFY_READ, gf32, __COMPAT_GF0_SIZE) || |
610 | __get_user(interface, &gf32->gf_interface) || | 613 | __get_user(interface, &gf32->gf_interface) || |
611 | __get_user(fmode, &gf32->gf_fmode) || | 614 | __get_user(fmode, &gf32->gf_fmode) || |
612 | __get_user(numsrc, &gf32->gf_numsrc)) | 615 | __get_user(numsrc, &gf32->gf_numsrc)) |
@@ -622,7 +625,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, | |||
622 | __put_user(numsrc, &kgf->gf_numsrc) || | 625 | __put_user(numsrc, &kgf->gf_numsrc) || |
623 | copy_in_user(&kgf->gf_group, &gf32->gf_group, | 626 | copy_in_user(&kgf->gf_group, &gf32->gf_group, |
624 | sizeof(kgf->gf_group)) || | 627 | sizeof(kgf->gf_group)) || |
625 | (numsrc && copy_in_user(&kgf->gf_slist, &gf32->gf_slist, | 628 | (numsrc && copy_in_user(kgf->gf_slist, gf32->gf_slist, |
626 | numsrc * sizeof(kgf->gf_slist[0])))) | 629 | numsrc * sizeof(kgf->gf_slist[0])))) |
627 | return -EFAULT; | 630 | return -EFAULT; |
628 | koptval = (char __user *)kgf; | 631 | koptval = (char __user *)kgf; |