caif: don't set connection request param size before copying data
author Dan Rosenberg <drosenberg@vsecurity.com>
Tue, 11 Jan 2011 00:00:54 +0000 (16:00 -0800)
committer David S. Miller <davem@davemloft.net>
Tue, 11 Jan 2011 00:00:54 +0000 (16:00 -0800)
The size field should not be set until after the data is successfully
copied in.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/caif/caif_socket.c

index 1bf0cf503796f27668d8dc8c1e9a733fd6e76bdd..8184c031d028b01fdcc435d7729cda022f925535 100644 (file)
@@ -740,12 +740,12 @@ static int setsockopt(struct socket *sock,
                if (cf_sk->sk.sk_protocol != CAIFPROTO_UTIL)
                        return -ENOPROTOOPT;
                lock_sock(&(cf_sk->sk));
-               cf_sk->conn_req.param.size = ol;
                if (ol > sizeof(cf_sk->conn_req.param.data) ||
                        copy_from_user(&cf_sk->conn_req.param.data, ov, ol)) {
                        release_sock(&cf_sk->sk);
                        return -EINVAL;
                }
+               cf_sk->conn_req.param.size = ol;
                release_sock(&cf_sk->sk);
                return 0;
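
Review bot: the failure branch around copy_from_user() can still leave conn_req.param in an inconsistent state, because copy_from_user() may have written part of the user buffer into param.data before faulting, while param.size now keeps its previous value and so describes a buffer that is a mix of old and new bytes. Consider copying into a local buffer first and committing data and size together under lock_sock(), or setting param.size to 0 on the error path. Also, the same branch returns -EINVAL both for ol > sizeof(cf_sk->conn_req.param.data) and for a faulting user pointer; -EFAULT is the conventional errno for the second case, though changing it would alter what userspace sees.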