3 files changed, 21 insertions, 10 deletions

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 37464c592c92..8f92e1dea966 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -84,6 +84,9 @@ extern int audit_classify_arch(int arch);
 #define AUDIT_TYPE_CHILD_DELETE 3       /* a child being deleted */
 #define AUDIT_TYPE_CHILD_CREATE 4       /* a child being created */
 
+/* maximized args number that audit_socketcall can process */
+#define AUDITSC_ARGS            6
+
 struct filename;
 
 #ifdef CONFIG_AUDITSYSCALL
@@ -190,7 +193,7 @@ extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
 extern int __audit_bprm(struct linux_binprm *bprm);
-extern void __audit_socketcall(int nargs, unsigned long *args);
+extern int __audit_socketcall(int nargs, unsigned long *args);
 extern int __audit_sockaddr(int len, void *addr);
 extern void __audit_fd_pair(int fd1, int fd2);
 extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr);
@@ -224,10 +227,11 @@ static inline int audit_bprm(struct linux_binprm *bprm)
                 return __audit_bprm(bprm);
         return 0;
 }
-static inline void audit_socketcall(int nargs, unsigned long *args)
+static inline int audit_socketcall(int nargs, unsigned long *args)
 {
         if (unlikely(!audit_dummy_context()))
-                __audit_socketcall(nargs, args);
+                return __audit_socketcall(nargs, args);
+        return 0;
 }
 static inline int audit_sockaddr(int len, void *addr)
 {
@@ -354,8 +358,10 @@ static inline int audit_bprm(struct linux_binprm *bprm)
 {
         return 0;
 }
-static inline void audit_socketcall(int nargs, unsigned long *args)
-{ }
+static inline int audit_socketcall(int nargs, unsigned long *args)
+{
+        return 0;
+}
 static inline void audit_fd_pair(int fd1, int fd2)
 { }
 static inline int audit_sockaddr(int len, void *addr)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b59ffb293ded..d57ad32db367 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -226,7 +226,7 @@ struct audit_context {
         union {
                 struct {
                         int nargs;
-                        long args[6];
+                        long args[AUDITSC_ARGS];
                 } socketcall;
                 struct {
                         kuid_t                  uid;
@@ -2491,17 +2491,20 @@ int __audit_bprm(struct linux_binprm *bprm)
 
 /**
  * audit_socketcall - record audit data for sys_socketcall
- * @nargs: number of args
+ * @nargs: number of args, which should not be more than AUDITSC_ARGS.
  * @args: args array
  *
  */
-void __audit_socketcall(int nargs, unsigned long *args)
+int __audit_socketcall(int nargs, unsigned long *args)
 {
         struct audit_context *context = current->audit_context;
 
+        if (nargs <= 0 || nargs > AUDITSC_ARGS || !args)
+                return -EINVAL;
         context->type = AUDIT_SOCKETCALL;
         context->socketcall.nargs = nargs;
         memcpy(context->socketcall.args, args, nargs * sizeof(unsigned long));
+        return 0;
 }
 
 /**
diff --git a/net/socket.c b/net/socket.c
index 2ca51c719ef9..1bbc37b7a312 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2436,7 +2436,7 @@ static const unsigned char nargs[21] = {
 
 SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
 {
-        unsigned long a[6];
+        unsigned long a[AUDITSC_ARGS];
         unsigned long a0, a1;
         int err;
         unsigned int len;
@@ -2452,7 +2452,9 @@ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
         if (copy_from_user(a, args, len))
                 return -EFAULT;
 
-        audit_socketcall(nargs[call] / sizeof(unsigned long), a);
+        err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
+        if (err)
+                return err;
 
         a0 = a[0];
         a1 = a[1];