caif: don't set connection request param size before copying data The size field should not be set until after the data is successfully copied in. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 91b5c98c2e062f982423686c77b8bf31f37fa196 [log] [tgz]
author: Dan Rosenberg <drosenberg@vsecurity.com> Mon Jan 10 16:00:54 2011 -0800
committer: David S. Miller <davem@davemloft.net> Mon Jan 10 16:00:54 2011 -0800
tree: 02faff8ec23c12bf139ae6adf501e77417346250
parent: 80ce3f67e75ffa14ad99b26457a7e9558b8b001a [diff] [blame]
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
index 1bf0cf5..8184c03 100644
--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c

@@ -740,12 +740,12 @@
 		if (cf_sk->sk.sk_protocol != CAIFPROTO_UTIL)
 			return -ENOPROTOOPT;
 		lock_sock(&(cf_sk->sk));
-		cf_sk->conn_req.param.size = ol;
 		if (ol > sizeof(cf_sk->conn_req.param.data) ||
 			copy_from_user(&cf_sk->conn_req.param.data, ov, ol)) {
 			release_sock(&cf_sk->sk);
 			return -EINVAL;
 		}
+		cf_sk->conn_req.param.size = ol;
 		release_sock(&cf_sk->sk);
 		return 0;
commit	91b5c98c2e062f982423686c77b8bf31f37fa196	[log] [tgz]
author	Dan Rosenberg <drosenberg@vsecurity.com>	Mon Jan 10 16:00:54 2011 -0800
committer	David S. Miller <davem@davemloft.net>	Mon Jan 10 16:00:54 2011 -0800
tree	02faff8ec23c12bf139ae6adf501e77417346250
parent	80ce3f67e75ffa14ad99b26457a7e9558b8b001a [diff] [blame]