summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorAllan Stephens <Allan.Stephens@windriver.com>2010-04-20 17:58:24 -0400
committerPaul Gortmaker <paul.gortmaker@windriver.com>2011-05-10 16:03:56 -0400
commitc29c3f70c9eb6f18090da5af9dbe9dcb4adece8c (patch)
tree28521412e2c927952bd4fea9dbae49db55b12f16 /net
parent66e019a6af827a254641e83e96ee36b0f4adc5e3 (diff)
downloadlwn-c29c3f70c9eb6f18090da5af9dbe9dcb4adece8c.tar.gz
lwn-c29c3f70c9eb6f18090da5af9dbe9dcb4adece8c.zip
tipc: Abort excessive send requests as early as possible
Adds checks to TIPC's socket send routines to promptly detect and abort attempts to send more than 66,000 bytes in a single TIPC message or more than 2**31-1 bytes in a single TIPC byte stream request. In addition, this ensures that the number of iovecs in a send request does not exceed the limits of a standard integer variable. Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Diffstat (limited to 'net')
-rw-r--r--net/tipc/socket.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 29d94d53198d..e1c791798ba1 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -535,6 +535,9 @@ static int send_msg(struct kiocb *iocb, struct socket *sock,
if (unlikely((m->msg_namelen < sizeof(*dest)) ||
(dest->family != AF_TIPC)))
return -EINVAL;
+ if ((total_len > TIPC_MAX_USER_MSG_SIZE) ||
+ (m->msg_iovlen > (unsigned)INT_MAX))
+ return -EMSGSIZE;
if (iocb)
lock_sock(sk);
@@ -640,6 +643,10 @@ static int send_packet(struct kiocb *iocb, struct socket *sock,
if (unlikely(dest))
return send_msg(iocb, sock, m, total_len);
+ if ((total_len > TIPC_MAX_USER_MSG_SIZE) ||
+ (m->msg_iovlen > (unsigned)INT_MAX))
+ return -EMSGSIZE;
+
if (iocb)
lock_sock(sk);
@@ -723,6 +730,12 @@ static int send_stream(struct kiocb *iocb, struct socket *sock,
goto exit;
}
+ if ((total_len > (unsigned)INT_MAX) ||
+ (m->msg_iovlen > (unsigned)INT_MAX)) {
+ res = -EMSGSIZE;
+ goto exit;
+ }
+
/*
* Send each iovec entry using one or more messages
*