diff options
author | Wang Chen <wangchen@cn.fujitsu.com> | 2008-04-06 21:42:07 -0400 |
---|---|---|
committer | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2008-04-12 00:43:23 -0400 |
commit | a28398ba6112be28c6a92aacf06aca1979b454b7 (patch) | |
tree | d1998af0632459026ee9bf479afcf9897f626ac2 /net | |
parent | 7f1eced8b0a001c4d5a8cfa5ac7b5cbc89fedab8 (diff) |
[IPV6]: Check length of optval provided by user in setsockopt().
Check length of setsockopt's optval, which provided by user, before copy it
from user space.
For POSIX compliant, return -EINVAL for setsockopt of short lengths.
Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv6/ipv6_sockglue.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index bf9695375219..bd3fb129b393 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c | |||
@@ -449,6 +449,9 @@ done: | |||
449 | { | 449 | { |
450 | struct ipv6_mreq mreq; | 450 | struct ipv6_mreq mreq; |
451 | 451 | ||
452 | if (optlen < sizeof(struct ipv6_mreq)) | ||
453 | goto e_inval; | ||
454 | |||
452 | retv = -EPROTO; | 455 | retv = -EPROTO; |
453 | if (inet_sk(sk)->is_icsk) | 456 | if (inet_sk(sk)->is_icsk) |
454 | break; | 457 | break; |
@@ -468,7 +471,7 @@ done: | |||
468 | { | 471 | { |
469 | struct ipv6_mreq mreq; | 472 | struct ipv6_mreq mreq; |
470 | 473 | ||
471 | if (optlen != sizeof(struct ipv6_mreq)) | 474 | if (optlen < sizeof(struct ipv6_mreq)) |
472 | goto e_inval; | 475 | goto e_inval; |
473 | 476 | ||
474 | retv = -EFAULT; | 477 | retv = -EFAULT; |
@@ -487,6 +490,9 @@ done: | |||
487 | struct group_req greq; | 490 | struct group_req greq; |
488 | struct sockaddr_in6 *psin6; | 491 | struct sockaddr_in6 *psin6; |
489 | 492 | ||
493 | if (optlen < sizeof(struct group_req)) | ||
494 | goto e_inval; | ||
495 | |||
490 | retv = -EFAULT; | 496 | retv = -EFAULT; |
491 | if (copy_from_user(&greq, optval, sizeof(struct group_req))) | 497 | if (copy_from_user(&greq, optval, sizeof(struct group_req))) |
492 | break; | 498 | break; |
@@ -511,7 +517,7 @@ done: | |||
511 | struct group_source_req greqs; | 517 | struct group_source_req greqs; |
512 | int omode, add; | 518 | int omode, add; |
513 | 519 | ||
514 | if (optlen != sizeof(struct group_source_req)) | 520 | if (optlen < sizeof(struct group_source_req)) |
515 | goto e_inval; | 521 | goto e_inval; |
516 | if (copy_from_user(&greqs, optval, sizeof(greqs))) { | 522 | if (copy_from_user(&greqs, optval, sizeof(greqs))) { |
517 | retv = -EFAULT; | 523 | retv = -EFAULT; |