Message ID | 146658904716.4550.5805807444765528663.stgit@warthog.procyon.org.uk |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c index 408bd024125b..b29bb50af5de 100644 --- a/net/rxrpc/af_rxrpc.c +++ b/net/rxrpc/af_rxrpc.c @@ -280,9 +280,14 @@ struct rxrpc_call *rxrpc_kernel_begin_call(struct socket *sock, struct rxrpc_transport *trans; struct rxrpc_call *call; struct rxrpc_sock *rx = rxrpc_sk(sock->sk); + int ret; _enter(",,%x,%lx", key_serial(key), user_call_ID); + ret = rxrpc_validate_address(rx, srx, sizeof(*srx)); + if (ret < 0) + return ERR_PTR(ret); + lock_sock(&rx->sk); if (!key)
Validate the net address given to rxrpc_kernel_begin_call() before using it. Whilst this should be mostly unnecessary for in-kernel users, it does clear the tail of the address struct in case we want to hash or compare the whole thing. Signed-off-by: David Howells <dhowells@redhat.com> --- net/rxrpc/af_rxrpc.c | 5 +++++ 1 file changed, 5 insertions(+)