-rw-r--r--net/sctp/auth.c3
-rw-r--r--net/sctp/socket.c6
2 files changed, 7 insertions, 2 deletions
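diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 1fcb4cf2f4c9..52db5f60daa0 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -786,6 +786,9 @@ int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
 for (i = 0; i < hmacs->shmac_num_idents; i++) {
 id = hmacs->shmac_idents[i];
 
+if (id > SCTP_AUTH_HMAC_ID_MAX)
+return -EOPNOTSUPP;
+
 if (SCTP_AUTH_HMAC_ID_SHA1 == id)
 has_sha1 = 1;
 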
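Review bot: The added range check on `id` carries no comment explaining why it has to sit at the top of the loop, and the loop bound `hmacs->shmac_num_idents` is still trusted as-is inside sctp_auth_ep_set_hmacs. The only count validation visible on this page is in the setsockopt caller in net/sctp/socket.c, so any other caller of this function would presumably need the same check. I would add a comment above the new test such as `/* id comes from the caller-supplied sctp_hmacalgo; reject out-of-range values before id is used any further */`, and note in the function's header comment that the caller must have bounded shmac_num_idents against the buffer it passes in. The loop body and the rest of the function continue outside the hunk, so how `id` is used after this point is not visible here.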
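diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 9b9b2c31dd15..5ffb9dec1c3f 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3086,6 +3086,7 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk,
 int optlen)
 {
 struct sctp_hmacalgo *hmacs;
+u32 idents;
 int err;
 
 if (!sctp_auth_enable)
@@ -3103,8 +3104,9 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk,
 goto out;
 }
 
-if (hmacs->shmac_num_idents == 0 ||
-hmacs->shmac_num_idents > SCTP_AUTH_NUM_HMACS) {
+idents = hmacs->shmac_num_idents;
+if (idents == 0 || idents > SCTP_AUTH_NUM_HMACS ||
+(idents * sizeof(u16)) > (optlen - sizeof(struct sctp_hmacalgo))) {
 err = -EINVAL;
 goto out;
 }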
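Review bot: In the second hunk the new length test evaluates `optlen - sizeof(struct sctp_hmacalgo)` with `optlen` declared `int`, so the subtraction is done in `size_t` and wraps to a very large value whenever optlen is smaller than the struct. In that case the comparison can never reject, and the check gives no protection for a short buffer. The lines between the two hunks are outside the view, so an earlier guard may already exist; if it does not, add `if (optlen < sizeof(struct sctp_hmacalgo)) return -EINVAL;` before the user buffer is copied. If it does, a comment on the new condition such as `/* optlen >= sizeof(*hmacs) was checked above, so this subtraction cannot wrap */` would keep a later refactor from silently removing the precondition. The multiplication `idents * sizeof(u16)` is safe as written because the `idents > SCTP_AUTH_NUM_HMACS` test short-circuits first.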