aboutsummaryrefslogtreecommitdiffstats
path: root/net/sctp/socket.c
diff options
context:
space:
mode:
authorWei Yongjun <yjwei@cn.fujitsu.com>2009-03-02 04:46:12 -0500
committerDavid S. Miller <davem@davemloft.net>2009-03-03 01:49:17 -0500
commitc6db93a58f1745cfe1acc2e1a1d68afc3245eced (patch)
treeb4e88d10bc75fa6565d91202460fb3f0ed5cc7c5 /net/sctp/socket.c
parentd212318c9d1b11ff44b57f90b4f9d9c9b31a6ced (diff)
sctp: fix the length check in sctp_getsockopt_maxburst()
The code in sctp_getsockopt_maxburst() doesn't allow len to be larger then struct sctp_assoc_value, which is a common case where app writers just pass down the sizeof(buf) or something similar. This patch fix the problem. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/socket.c')
-rw-r--r--net/sctp/socket.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 4bc558c19fcf..bbd3cd238d7f 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5286,7 +5286,8 @@ static int sctp_getsockopt_maxburst(struct sock *sk, int len,
5286 printk(KERN_WARNING 5286 printk(KERN_WARNING
5287 "SCTP: Use struct sctp_assoc_value instead\n"); 5287 "SCTP: Use struct sctp_assoc_value instead\n");
5288 params.assoc_id = 0; 5288 params.assoc_id = 0;
5289 } else if (len == sizeof (struct sctp_assoc_value)) { 5289 } else if (len >= sizeof(struct sctp_assoc_value)) {
5290 len = sizeof(struct sctp_assoc_value);
5290 if (copy_from_user(&params, optval, len)) 5291 if (copy_from_user(&params, optval, len))
5291 return -EFAULT; 5292 return -EFAULT;
5292 } else 5293 } else