Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 3da947b2693993d5f6138f005d2625e9387c9618^! / . / net / ieee802154 / dgram.c
commit3da947b2693993d5f6138f005d2625e9387c9618[log] [tgz]
authorSasha Levin <levinsasha928@gmail.com>Mon Jul 02 01:29:55 2012 +0000
committerDavid S. Miller <davem@davemloft.net>Sun Jul 08 23:49:30 2012 -0700
treeaf7f831e5570f8081bd6d973a3aef7195f8a8967
parent9e85a6f9dc231f3ed3c1dc1b12217505d970142a [diff] [blame]
ieee802154: verify packet size before trying to allocate it

Currently when sending data over datagram, the send function will attempt to
allocate any size passed on from the userspace.

We should make sure that this size is checked and limited. We'll limit it
to the MTU of the device, which is checked later anyway.

Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ieee802154/dgram.c b/net/ieee802154/dgram.c
index 6fbb2ad..1670561 100644
--- a/net/ieee802154/dgram.c
+++ b/net/ieee802154/dgram.c

@@ -230,6 +230,12 @@
 	mtu = dev->mtu;
 	pr_debug("name = %s, mtu = %u\n", dev->name, mtu);
 
+	if (size > mtu) {
+		pr_debug("size = %Zu, mtu = %u\n", size, mtu);
+		err = -EINVAL;
+		goto out_dev;
+	}
+
 	hlen = LL_RESERVED_SPACE(dev);
 	tlen = dev->needed_tailroom;
 	skb = sock_alloc_send_skb(sk, hlen + tlen + size,
@@ -258,12 +264,6 @@
 	if (err < 0)
 		goto out_skb;
 
-	if (size > mtu) {
-		pr_debug("size = %Zu, mtu = %u\n", size, mtu);
-		err = -EINVAL;
-		goto out_skb;
-	}
-
 	skb->dev = dev;
 	skb->sk  = sk;
 	skb->protocol = htons(ETH_P_IEEE802154);