diff options
Diffstat (limited to 'net/socket.c')
| -rw-r--r-- | net/socket.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/net/socket.c b/net/socket.c index 49917a1cac7d..75655365b5fd 100644 --- a/net/socket.c +++ b/net/socket.c | |||
| @@ -2098,12 +2098,17 @@ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args) | |||
| 2098 | unsigned long a[6]; | 2098 | unsigned long a[6]; |
| 2099 | unsigned long a0, a1; | 2099 | unsigned long a0, a1; |
| 2100 | int err; | 2100 | int err; |
| 2101 | unsigned int len; | ||
| 2101 | 2102 | ||
| 2102 | if (call < 1 || call > SYS_ACCEPT4) | 2103 | if (call < 1 || call > SYS_ACCEPT4) |
| 2103 | return -EINVAL; | 2104 | return -EINVAL; |
| 2104 | 2105 | ||
| 2106 | len = nargs[call]; | ||
| 2107 | if (len > sizeof(a)) | ||
| 2108 | return -EINVAL; | ||
| 2109 | |||
| 2105 | /* copy_from_user should be SMP safe. */ | 2110 | /* copy_from_user should be SMP safe. */ |
| 2106 | if (copy_from_user(a, args, nargs[call])) | 2111 | if (copy_from_user(a, args, len)) |
| 2107 | return -EFAULT; | 2112 | return -EFAULT; |
| 2108 | 2113 | ||
| 2109 | audit_socketcall(nargs[call] / sizeof(unsigned long), a); | 2114 | audit_socketcall(nargs[call] / sizeof(unsigned long), a); |
| @@ -2386,7 +2391,7 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, | |||
| 2386 | } | 2391 | } |
| 2387 | 2392 | ||
| 2388 | int kernel_setsockopt(struct socket *sock, int level, int optname, | 2393 | int kernel_setsockopt(struct socket *sock, int level, int optname, |
| 2389 | char *optval, int optlen) | 2394 | char *optval, unsigned int optlen) |
| 2390 | { | 2395 | { |
| 2391 | mm_segment_t oldfs = get_fs(); | 2396 | mm_segment_t oldfs = get_fs(); |
| 2392 | int err; | 2397 | int err; |