[PATCH] ieee802154: verify packet size before trying to allocate it

From: Sasha Levin
Date: Sun Jun 10 2012 - 07:09:51 EST

Next message: Al Viro: "Re: [PATCH 00/21] vfs: atomic open v6 (part 2)"
Previous message: Joerg Platte: "Kernel 3.4.X NFS regression"
Next in thread: Alan Cox: "Re: [PATCH] ieee802154: verify packet size before trying toallocate it"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Currently when sending data over datagram, the send function will attempt to
allocate any size passed on from the userspace.

We should make sure that this size is checked and limited. The maximum size
of an IP packet seemed like the safest limit here.

Signed-off-by: Sasha Levin <levinsasha928@xxxxxxxxx>
---

Change in v2:
- Limit by maximum size the protocol supports.

net/ieee802154/dgram.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/net/ieee802154/dgram.c b/net/ieee802154/dgram.c
index 6fbb2ad..628498c 100644
--- a/net/ieee802154/dgram.c
+++ b/net/ieee802154/dgram.c
@@ -232,6 +232,11 @@ static int dgram_sendmsg(struct kiocb *iocb, struct sock *sk,

hlen = LL_RESERVED_SPACE(dev);
tlen = dev->needed_tailroom;
+ if (hlen + tlen + size > IEEE802154_MTU) {
+ err = -EMSGSIZE;
+ goto out;
+ }
+
skb = sock_alloc_send_skb(sk, hlen + tlen + size,
msg->msg_flags & MSG_DONTWAIT,
&err);
--
1.7.8.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Al Viro: "Re: [PATCH 00/21] vfs: atomic open v6 (part 2)"
Previous message: Joerg Platte: "Kernel 3.4.X NFS regression"
Next in thread: Alan Cox: "Re: [PATCH] ieee802154: verify packet size before trying toallocate it"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]