ip_rt_ioctl(): take copyin to caller Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

commit: ca25c30040f93c127ff1651aa636c0174f1e0cdb [log] [tgz]
author: Al Viro <viro@zeniv.linux.org.uk> Sat Jul 01 08:03:10 2017 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> Wed Jan 24 19:13:45 2018 -0500
tree: 03025f47a77cbcb5dc28a4124a36301a9143958f
parent: 03aef17bb79b3dc02b1352ee2f55fca799dbad7f [diff] [blame]
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 1c2bfee..c24008d 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c

@@ -874,6 +874,7 @@ int inet_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
 	struct net *net = sock_net(sk);
 	void __user *p = (void __user *)arg;
 	struct ifreq ifr;
+	struct rtentry rt;
 
 	switch (cmd) {
 	case SIOCGSTAMP:
@@ -884,8 +885,12 @@ int inet_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
 		break;
 	case SIOCADDRT:
 	case SIOCDELRT:
+		if (copy_from_user(&rt, p, sizeof(struct rtentry)))
+			return -EFAULT;
+		err = ip_rt_ioctl(net, cmd, &rt);
+		break;
 	case SIOCRTMSG:
-		err = ip_rt_ioctl(net, cmd, (void __user *)arg);
+		err = -EINVAL;
 		break;
 	case SIOCDARP:
 	case SIOCGARP:
commit	ca25c30040f93c127ff1651aa636c0174f1e0cdb	[log] [tgz]
author	Al Viro <viro@zeniv.linux.org.uk>	Sat Jul 01 08:03:10 2017 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	Wed Jan 24 19:13:45 2018 -0500
tree	03025f47a77cbcb5dc28a4124a36301a9143958f
parent	03aef17bb79b3dc02b1352ee2f55fca799dbad7f [diff] [blame]