[SPARC64]: Fix cmsg length checks in Solaris emulation layer.

author David S. Miller <davem@davemloft.net>

Tue, 21 Jun 2005 22:39:22 +0000 (15:39 -0700)

committer David S. Miller <davem@davemloft.net>

Tue, 21 Jun 2005 22:39:22 +0000 (15:39 -0700)
author David S. Miller <davem@davemloft.net>
Tue, 21 Jun 2005 22:39:22 +0000 (15:39 -0700)
committer David S. Miller <davem@davemloft.net>
Tue, 21 Jun 2005 22:39:22 +0000 (15:39 -0700)
diff --git a/arch/sparc64/solaris/socket.c b/arch/sparc64/solaris/socket.c

index ec8e074c4eac18ce7179f898390c8a250ed645b4..06740582717e4427da136ed80b139b4aa40cbf05 100644 (file)
--- a/arch/sparc64/solaris/socket.c
+++ b/arch/sparc64/solaris/socket.c
@@ -317,8 +317,10 @@ asmlinkage int solaris_sendmsg(int fd, struct sol_nmsghdr __user *user_msg, unsi
                 unsigned long *kcmsg;
                 compat_size_t cmlen;
  
-               if(kern_msg.msg_controllen > sizeof(ctl) &&
-                  kern_msg.msg_controllen <= 256) {
+               if (kern_msg.msg_controllen <= sizeof(compat_size_t))
+                       return -EINVAL;
+
+               if(kern_msg.msg_controllen > sizeof(ctl)) {
                         err = -ENOBUFS;
                         ctl_buf = kmalloc(kern_msg.msg_controllen, GFP_KERNEL);
                         if(!ctl_buf)
author	David S. Miller <davem@davemloft.net>
	Tue, 21 Jun 2005 22:39:22 +0000 (15:39 -0700)
committer	David S. Miller <davem@davemloft.net>
	Tue, 21 Jun 2005 22:39:22 +0000 (15:39 -0700)