| Message ID | 1387755151-9653-1-git-send-email-fw@strlen.de |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
On Mon, Dec 23, 2013 at 12:32:31AM +0100, Florian Westphal wrote: > --- a/net/rose/af_rose.c > +++ b/net/rose/af_rose.c > @@ -1253,6 +1253,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, > > if (msg->msg_name) { > struct sockaddr_rose *srose; > + struct full_sockaddr_rose *full_srose = msg->msg_name; > > memset(msg->msg_name, 0, sizeof(struct full_sockaddr_rose)); > srose = msg->msg_name; > @@ -1260,18 +1261,9 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, > srose->srose_addr = rose->dest_addr; > srose->srose_call = rose->dest_call; > srose->srose_ndigis = rose->dest_ndigis; > - if (msg->msg_namelen >= sizeof(struct full_sockaddr_rose)) { > - struct full_sockaddr_rose *full_srose = (struct full_sockaddr_rose *)msg->msg_name; > - for (n = 0 ; n < rose->dest_ndigis ; n++) > - full_srose->srose_digis[n] = rose->dest_digis[n]; > - msg->msg_namelen = sizeof(struct full_sockaddr_rose); > - } else { > - if (rose->dest_ndigis >= 1) { > - srose->srose_ndigis = 1; > - srose->srose_digi = rose->dest_digis[0]; > - } > - msg->msg_namelen = sizeof(struct sockaddr_rose); > - } > + for (n = 0 ; n < rose->dest_ndigis ; n++) > + full_srose->srose_digis[n] = rose->dest_digis[n]; > + msg->msg_namelen = sizeof(struct full_sockaddr_rose); > } > > skb_free_datagram(sk, skb); Looks good. I guess we want to push that to stable, too? Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Hannes Frederic Sowa <hannes@stressinduktion.org> Date: Mon, 23 Dec 2013 04:17:06 +0100 > Looks good. I guess we want to push that to stable, too? > > Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Applied and queued up for -stable. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c index 33af772..62ced65 100644 --- a/net/rose/af_rose.c +++ b/net/rose/af_rose.c @@ -1253,6 +1253,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, if (msg->msg_name) { struct sockaddr_rose *srose; + struct full_sockaddr_rose *full_srose = msg->msg_name; memset(msg->msg_name, 0, sizeof(struct full_sockaddr_rose)); srose = msg->msg_name; @@ -1260,18 +1261,9 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, srose->srose_addr = rose->dest_addr; srose->srose_call = rose->dest_call; srose->srose_ndigis = rose->dest_ndigis; - if (msg->msg_namelen >= sizeof(struct full_sockaddr_rose)) { - struct full_sockaddr_rose *full_srose = (struct full_sockaddr_rose *)msg->msg_name; - for (n = 0 ; n < rose->dest_ndigis ; n++) - full_srose->srose_digis[n] = rose->dest_digis[n]; - msg->msg_namelen = sizeof(struct full_sockaddr_rose); - } else { - if (rose->dest_ndigis >= 1) { - srose->srose_ndigis = 1; - srose->srose_digi = rose->dest_digis[0]; - } - msg->msg_namelen = sizeof(struct sockaddr_rose); - } + for (n = 0 ; n < rose->dest_ndigis ; n++) + full_srose->srose_digis[n] = rose->dest_digis[n]; + msg->msg_namelen = sizeof(struct full_sockaddr_rose); } skb_free_datagram(sk, skb);
recvmsg handler in net/rose/af_rose.c performs size-check ->msg_namelen. After commit f3d3342602f8bcbf37d7c46641cb9bca7618eb1c (net: rework recvmsg handler msg_name and msg_namelen logic), we now always take the else branch due to namelen being initialized to 0. Digging in netdev-vger-cvs git repo shows that msg_namelen was initialized with a fixed-size since at least 1995, so the else branch was never taken. Compile tested only. Signed-off-by: Florian Westphal <fw@strlen.de> --- net/rose/af_rose.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-)