summaryrefslogtreecommitdiffstats
path: root/arch/sparc64/solaris/socket.c
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2005-06-22 00:39:22 +0200
committerDavid S. Miller <davem@davemloft.net>2005-06-22 00:39:22 +0200
commit8005aba69a6440a535a4cc2aed99ffca580847e0 (patch)
treed15f836f483ec374751fd9eda4a4f7a8b816eff5 /arch/sparc64/solaris/socket.c
parentMerge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/driver-2.6 (diff)
downloadlinux-8005aba69a6440a535a4cc2aed99ffca580847e0.tar.xz
linux-8005aba69a6440a535a4cc2aed99ffca580847e0.zip
[SPARC64]: Fix cmsg length checks in Solaris emulation layer.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'arch/sparc64/solaris/socket.c')
-rw-r--r--arch/sparc64/solaris/socket.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/arch/sparc64/solaris/socket.c b/arch/sparc64/solaris/socket.c
index ec8e074c4eac..06740582717e 100644
--- a/arch/sparc64/solaris/socket.c
+++ b/arch/sparc64/solaris/socket.c
@@ -317,8 +317,10 @@ asmlinkage int solaris_sendmsg(int fd, struct sol_nmsghdr __user *user_msg, unsi
unsigned long *kcmsg;
compat_size_t cmlen;
- if(kern_msg.msg_controllen > sizeof(ctl) &&
- kern_msg.msg_controllen <= 256) {
+ if (kern_msg.msg_controllen <= sizeof(compat_size_t))
+ return -EINVAL;
+
+ if(kern_msg.msg_controllen > sizeof(ctl)) {
err = -ENOBUFS;
ctl_buf = kmalloc(kern_msg.msg_controllen, GFP_KERNEL);
if(!ctl_buf)