summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWang Chen <wangchen@cn.fujitsu.com>2008-04-07 03:42:07 +0200
committerYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>2008-04-12 06:43:23 +0200
commita28398ba6112be28c6a92aacf06aca1979b454b7 (patch)
treed1998af0632459026ee9bf479afcf9897f626ac2
parent[IPV6] MIP6: Use our standard definitions for paddings. (diff)
downloadlinux-a28398ba6112be28c6a92aacf06aca1979b454b7.tar.xz
linux-a28398ba6112be28c6a92aacf06aca1979b454b7.zip
[IPV6]: Check length of optval provided by user in setsockopt().
Check length of setsockopt's optval, which provided by user, before copy it from user space. For POSIX compliant, return -EINVAL for setsockopt of short lengths. Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
-rw-r--r--net/ipv6/ipv6_sockglue.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index bf9695375219..bd3fb129b393 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -449,6 +449,9 @@ done:
{
struct ipv6_mreq mreq;
+ if (optlen < sizeof(struct ipv6_mreq))
+ goto e_inval;
+
retv = -EPROTO;
if (inet_sk(sk)->is_icsk)
break;
@@ -468,7 +471,7 @@ done:
{
struct ipv6_mreq mreq;
- if (optlen != sizeof(struct ipv6_mreq))
+ if (optlen < sizeof(struct ipv6_mreq))
goto e_inval;
retv = -EFAULT;
@@ -487,6 +490,9 @@ done:
struct group_req greq;
struct sockaddr_in6 *psin6;
+ if (optlen < sizeof(struct group_req))
+ goto e_inval;
+
retv = -EFAULT;
if (copy_from_user(&greq, optval, sizeof(struct group_req)))
break;
@@ -511,7 +517,7 @@ done:
struct group_source_req greqs;
int omode, add;
- if (optlen != sizeof(struct group_source_req))
+ if (optlen < sizeof(struct group_source_req))
goto e_inval;
if (copy_from_user(&greqs, optval, sizeof(greqs))) {
retv = -EFAULT;