summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArnaldo Carvalho de Melo <acme@redhat.com>2008-08-13 13:48:39 -0700
committerGreg Kroah-Hartman <gregkh@suse.de>2008-08-20 11:15:28 -0700
commitab332c1c4bcdd94cb1d2eb6778e38b4b640f918a (patch)
treeed0500e6c464866daf9c97bde91b857c90a29048
parentfec02fcbfad86016a1e458cce9d40a0383fb3966 (diff)
downloadlwn-ab332c1c4bcdd94cb1d2eb6778e38b4b640f918a.tar.gz
lwn-ab332c1c4bcdd94cb1d2eb6778e38b4b640f918a.zip
dccp: change L/R must have at least one byte in the dccpsf_val field
commit 3e8a0a559c66ee9e7468195691a56fefc3589740 upstream Thanks to Eugene Teo for reporting this problem. Signed-off-by: Eugene Teo <eugeneteo@kernel.sg> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--net/dccp/proto.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index c91d3c1fd30d..c3e3acb2a158 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -477,6 +477,11 @@ static int dccp_setsockopt_change(struct sock *sk, int type,
if (copy_from_user(&opt, optval, sizeof(opt)))
return -EFAULT;
+ /*
+ * rfc4340: 6.1. Change Options
+ */
+ if (opt.dccpsf_len < 1)
+ return -EINVAL;
val = kmalloc(opt.dccpsf_len, GFP_KERNEL);
if (!val)