Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / kernel / msm / 39ebc0276bada8bb70e067cb6d0eb71839c0fb08
commit39ebc0276bada8bb70e067cb6d0eb71839c0fb08[log] [tgz]
authorArnaldo Carvalho de Melo <acme@ghostprotocols.net>Wed Mar 28 11:54:32 2007 -0700
committerDavid S. Miller <davem@davemloft.net>Wed Mar 28 11:54:32 2007 -0700
treea6afca93101b9142523d6814db12ec09d73e58ef
parent53aadcc90931dfa150f76ce9a5f9e8f3e43d57df [diff]
[DCCP] getsockopt: Fix DCCP_SOCKOPT_[SEND,RECV]_CSCOV

We were only checking if there was enough space to put the int, but
left len as specified by the (malicious) user, sigh, fix it by setting
len to sizeof(val) and transfering just one int worth of data, the one
asked for.

Also check for negative len values.

Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: a6afca93101b9142523d6814db12ec09d73e58ef
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. scripts/
  15. security/
  16. sound/
  17. usr/
  18. .gitignore
  19. .mailmap
  20. COPYING
  21. CREDITS
  22. Kbuild
  23. MAINTAINERS
  24. Makefile
  25. README
  26. REPORTING-BUGS