projects
/
GitHub
/
LineageOS
/
G12
/
android_kernel_amlogic_linux-4.9.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
1d345da
)
[SPARC64]: Fix cmsg length checks in Solaris emulation layer.
author
David S. Miller
<davem@davemloft.net>
Tue, 21 Jun 2005 22:39:22 +0000
(15:39 -0700)
committer
David S. Miller
<davem@davemloft.net>
Tue, 21 Jun 2005 22:39:22 +0000
(15:39 -0700)
Signed-off-by: David S. Miller <davem@davemloft.net>
arch/sparc64/solaris/socket.c
patch
|
blob
|
blame
|
history
diff --git
a/arch/sparc64/solaris/socket.c
b/arch/sparc64/solaris/socket.c
index ec8e074c4eac18ce7179f898390c8a250ed645b4..06740582717e4427da136ed80b139b4aa40cbf05 100644
(file)
--- a/
arch/sparc64/solaris/socket.c
+++ b/
arch/sparc64/solaris/socket.c
@@
-317,8
+317,10
@@
asmlinkage int solaris_sendmsg(int fd, struct sol_nmsghdr __user *user_msg, unsi
unsigned long *kcmsg;
compat_size_t cmlen;
- if(kern_msg.msg_controllen > sizeof(ctl) &&
- kern_msg.msg_controllen <= 256) {
+ if (kern_msg.msg_controllen <= sizeof(compat_size_t))
+ return -EINVAL;
+
+ if(kern_msg.msg_controllen > sizeof(ctl)) {
err = -ENOBUFS;
ctl_buf = kmalloc(kern_msg.msg_controllen, GFP_KERNEL);
if(!ctl_buf)