Patchwork [09/11] tipc: use limited socket backlog CVE-2010-4251

login
register
mail settings
Submitter Paolo Pisati
Date July 11, 2011, 8:17 a.m.
Message ID <1310372268-3840-10-git-send-email-paolo.pisati@canonical.com>
Download mbox | patch
Permalink /patch/104180/
State New
Headers show

Comments

Paolo Pisati - July 11, 2011, 8:17 a.m.
From: Zhu Yi <yi.zhu@intel.com>

tipc: use limited socket backlog

BugLink: http://bugs.launchpad.net/bugs/807462

commit upstream 53eecb1be5ae499d399d2923933937a9ea1a284f

Make tipc adapt to the limited socket backlog change.

CVE-2010-4251

Cc: Jon Maloy <jon.maloy@ericsson.com>
Cc: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
---
 net/tipc/socket.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

Patch

diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 8ebf4975..bf4b320 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -1323,8 +1323,10 @@  static u32 dispatch(struct tipc_port *tport, struct sk_buff *buf)
 	if (!sock_owned_by_user(sk)) {
 		res = filter_rcv(sk, buf);
 	} else {
-		sk_add_backlog(sk, buf);
-		res = TIPC_OK;
+		if (sk_add_backlog_limited(sk, buf))
+			res = TIPC_ERR_OVERLOAD;
+		else
+			res = TIPC_OK;
 	}
 	bh_unlock_sock(sk);