From: Neil Horman Date: Mon, 18 Jun 2007 23:59:16 +0000 (-0400) Subject: SCTP: Fix sctp_getsockopt_get_peer_addrs X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=186e234358ba29a4094d0c8c0d3ea00f84d32a3e;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git SCTP: Fix sctp_getsockopt_get_peer_addrs This is the split out of the patch that we agreed I should split out from my last patch. It changes space_left to be computed in the same way the to variable is. I know we talked about changing space_left to an int, but I think size_t is more appropriate, since we should never have negative space in our buffer, and computing using offsetof means space_left should now never drop below zero. Signed-off-by: Neil Horman Acked-by: Sridhar Samudrala Signed-off-by: Vlad Yasevich --- diff --git a/net/sctp/socket.c b/net/sctp/socket.c index c1f239ac12b9..2fc036699d48 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4019,8 +4019,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, return -EINVAL; to = optval + offsetof(struct sctp_getaddrs,addrs); - space_left = len - sizeof(struct sctp_getaddrs) - - offsetof(struct sctp_getaddrs,addrs); + space_left = len - offsetof(struct sctp_getaddrs,addrs); list_for_each(pos, &asoc->peer.transport_addr_list) { from = list_entry(pos, struct sctp_transport, transports); @@ -4327,8 +4326,8 @@ static int sctp_getsockopt_local_addrs(struct sock *sk, int len, } to = optval + offsetof(struct sctp_getaddrs,addrs); - space_left = len - sizeof(struct sctp_getaddrs) - - offsetof(struct sctp_getaddrs,addrs); + space_left = len - offsetof(struct sctp_getaddrs,addrs); + addrs = kmalloc(space_left, GFP_KERNEL); if (!addrs) return -ENOMEM;
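Review bot: In the first hunk (sctp_getsockopt_peer_addrs), the new `space_left = len - offsetof(struct sctp_getaddrs,addrs);` is only safe if len is already known to be at least offsetof(struct sctp_getaddrs,addrs) when this line runs. len is an int and, per the commit message, space_left is a size_t, so a smaller len would wrap to a very large value instead of going negative, and anything the loop below bounds with space_left would then see an effectively unlimited buffer. The check that ends in `return -EINVAL;` just above is not visible in this hunk; please confirm it rejects a len below that offset, and name that check in the commit message, which currently asserts that space_left can never drop below zero without saying what guarantees it. Separately, the subject says sctp_getsockopt_get_peer_addrs while the function changed here is sctp_getsockopt_peer_addrs, and the message does not mention that sctp_getsockopt_local_addrs is changed as well.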
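Review bot: In the second hunk (sctp_getsockopt_local_addrs), space_left feeds `addrs = kmalloc(space_left, GFP_KERNEL);` directly, so the allocation size is the caller-supplied len minus a small constant. Two things to check here. First, that len is validated against offsetof(struct sctp_getaddrs,addrs) before the subtraction (the code above the closing brace is not shown in this hunk), because a size_t wrap would turn this into an enormous kmalloc request. Second, whether len should have an upper bound: the `return -ENOMEM;` path handles a failed allocation, but capping the size before calling kmalloc would be cleaner than relying on the allocator to refuse a caller-chosen length.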