[PATCH] fix breakage in sctp getsockopt

From: Al Viro
Date: Sun Oct 14 2007 - 14:21:33 EST

Next message: Al Viro: "[PATCH] remove duplicate initializer (macvlan)"
Previous message: Al Viro: "[PATCH] skb->tail in ibm_newemac should be skb_tail_pointer()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

copy_to_user() into on-stack array

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
---
net/sctp/socket.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 9c6a4b5..bd6f42a 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5058,6 +5058,7 @@ static int sctp_getsockopt_active_key(struct sock *sk, int len,
static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len,
char __user *optval, int __user *optlen)
{
+ struct sctp_authchunks __user *p = (void __user *)optval;
struct sctp_authchunks val;
struct sctp_association *asoc;
struct sctp_chunks_param *ch;
@@ -5066,10 +5067,10 @@ static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len,
if (len <= sizeof(struct sctp_authchunks))
return -EINVAL;

- if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks)))
+ if (copy_from_user(&val, p, sizeof(struct sctp_authchunks)))
return -EFAULT;

- to = val.gauth_chunks;
+ to = p->gauth_chunks;
asoc = sctp_id2assoc(sk, val.gauth_assoc_id);
if (!asoc)
return -EINVAL;
@@ -5092,6 +5093,7 @@ static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len,
static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len,
char __user *optval, int __user *optlen)
{
+ struct sctp_authchunks __user *p = (void __user *)optval;
struct sctp_authchunks val;
struct sctp_association *asoc;
struct sctp_chunks_param *ch;
@@ -5100,10 +5102,10 @@ static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len,
if (len <= sizeof(struct sctp_authchunks))
return -EINVAL;

- if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks)))
+ if (copy_from_user(&val, p, sizeof(struct sctp_authchunks)))
return -EFAULT;

- to = val.gauth_chunks;
+ to = p->gauth_chunks;
asoc = sctp_id2assoc(sk, val.gauth_assoc_id);
if (!asoc && val.gauth_assoc_id && sctp_style(sk, UDP))
return -EINVAL;
--
1.5.3.GIT
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Al Viro: "[PATCH] remove duplicate initializer (macvlan)"
Previous message: Al Viro: "[PATCH] skb->tail in ibm_newemac should be skb_tail_pointer()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]