diff options
author | Vlad Yasevich <vladislav.yasevich@hp.com> | 2008-08-27 19:08:54 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-08-27 19:08:54 -0400 |
commit | 328fc47ea0bcc27d9afa69c3ad6e52431cadd76c (patch) | |
tree | 5969688468a63ee01db68be4adff671bd9aa85c8 /net | |
parent | f2455eb176ac87081bbfc9a44b21c7cd2bc1967e (diff) |
sctp: correct bounds check in sctp_setsockopt_auth_key
The bonds check to prevent buffer overlflow was not exactly
right. It still allowed overflow of up to 8 bytes which is
sizeof(struct sctp_authkey).
Since optlen is already checked against the size of that struct,
we are guaranteed not to cause interger overflow either.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/sctp/socket.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c index afa952e726d7..9b9b2c31dd15 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c | |||
@@ -3144,7 +3144,7 @@ static int sctp_setsockopt_auth_key(struct sock *sk, | |||
3144 | goto out; | 3144 | goto out; |
3145 | } | 3145 | } |
3146 | 3146 | ||
3147 | if (authkey->sca_keylength > optlen) { | 3147 | if (authkey->sca_keylength > optlen - sizeof(struct sctp_authkey)) { |
3148 | ret = -EINVAL; | 3148 | ret = -EINVAL; |
3149 | goto out; | 3149 | goto out; |
3150 | } | 3150 | } |