Message-ID: <498166FB.5030104@gmail.com>
Date: Thu, 29 Jan 2009 09:21:15 +0100
From: Roel Kluin
To: christine.caulfield@googlemail.com
CC: linux-decnet-user@lists.sourceforge.net, netdev@vger.kernel.org
Subject: [PATCH] decnet: incorrect optlen size
X-Patchwork-Id: 20963
X-Patchwork-Delegate: davem@davemloft.net

Several functions with something like this occur:

int sock_set_foo(int optlen, ...)
{
	struct food foo;

	if (optlen < sizeof(foo))
		return -EINVAL;

	if (copy_from_user(&foo, optval, sizeof(foo)))
		return -EFAULT;
	...
}

see for instance:

grep -C5 -E -R -n "copy_from_user\(&([a-zA-Z0-9]*), optval, sizeof\(\1\)\)" net

but in __dn_setsockopt, below, the checks are slightly different. Should maybe
the changes below be applied?

-------------->8----------------8<-----------------------
fix size checks before copy_from_user

Signed-off-by: Roel Kluin
---
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c index cf0e184..45b9199 100644 --- a/net/decnet/af_decnet.c +++ b/net/decnet/af_decnet.c @@ -1359,10 +1359,10 @@ static int __dn_setsockopt(struct socket *sock, int level,int optname, char __us if (optlen && !optval) return -EINVAL; - if (optlen > sizeof(u)) + if (optlen < sizeof(u)) return -EINVAL; - if (copy_from_user(&u, optval, optlen)) + if (copy_from_user(&u, optval, sizeof(u))) return -EFAULT; switch(optname) {
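
Review bot: The flipped test `if (optlen < sizeof(u))` combined with the fixed-size `copy_from_user(&u, optval, sizeof(u))` makes every option require at least sizeof(u) bytes from the caller, which looks wrong if `u` holds more than one option type, as the `switch(optname)` directly after it suggests. The old `optlen > sizeof(u)` check already kept the `optlen`-sized copy inside `u`, so there was no overflow here to fix; what the old code lacked was a lower bound per option. With this change a caller passing an option shorter than sizeof(u) gets -EINVAL, and sizeof(u) bytes are read from `optval` regardless of which option was requested. Suggest keeping the upper bound and the `optlen`-sized copy, and checking `optlen` against the expected size inside each case of the switch; if every option really is sizeof(u) long, the commit message should say so.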