Message ID | 20130227204144.GA11300@longonot.mountain |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Wed, 27 Feb 2013 23:41:44 +0300

> This check is missing an upper bound.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This should go in 3.8 -stable as well.

There is a discussion and patch on netdev already.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/sctp/socket.c b/net/sctp/socket.c index c99458d..fbd8386 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -5652,6 +5652,8 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len, /* User must provide at least the assoc id */ if (len < sizeof(sctp_assoc_t)) return -EINVAL; + if (len > sizeof(struct sctp_assoc_stats)) + len = sizeof(struct sctp_assoc_stats); if (copy_from_user(&sas, optval, len)) return -EFAULT;
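Review bot: The changelog and the added clamp in sctp_getsockopt_assoc_stats() do not say what the missing upper bound costs. The next statement, `copy_from_user(&sas, optval, len)`, writes `len` bytes into `sas`, so a caller-supplied length larger than `struct sctp_assoc_stats` overruns that object. Stating this in the commit message would help the -stable request. The existing comment above the lower-bound check ("User must provide at least the assoc id") could be extended to cover the clamp. Note also that `len` is an `int` in the signature and both checks compare it against `sizeof`, so the comparison is unsigned and a negative `len` passes the lower-bound test and is only caught by the new clamp. A one-line `len = min_t(size_t, len, sizeof(struct sctp_assoc_stats));` would make that intent explicit. Whether code after the copy uses the truncated `len` is not visible in this hunk and should be checked.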
This check is missing an upper bound.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
This should go in 3.8 -stable as well.