From 65193dfaadaafd4cb3cef7d7c605992963a97f7d Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <arjan@infradead.org>
Date: Wed, 14 Oct 2009 08:17:36 +1100
Subject: [PATCH] --- yaml --- r: 169155 b: refs/heads/master c:
 825332e4ff1373c55d931b49408df7ec2298f71e h: refs/heads/master i:   169153:
 8c941e26c010a19139091d7eb5d6217baef8e930   169151:
 45e5d50f1c19ccfea9f1368f2076e402bf9812a1 v: v3

---
 [refs]                    | 2 +-
 trunk/kernel/capability.c | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/[refs] b/[refs]
index 8b965d66b7ef..10c4a76f195b 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: a27ab9f26b729326778271c1efd895aef4fda1c4
+refs/heads/master: 825332e4ff1373c55d931b49408df7ec2298f71e
diff --git a/trunk/kernel/capability.c b/trunk/kernel/capability.c
index 4e17041963f5..c2316d3fa094 100644
--- a/trunk/kernel/capability.c
+++ b/trunk/kernel/capability.c
@@ -238,7 +238,7 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
 SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
 {
 	struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
-	unsigned i, tocopy;
+	unsigned i, tocopy, copybytes;
 	kernel_cap_t inheritable, permitted, effective;
 	struct cred *new;
 	int ret;
@@ -255,8 +255,11 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
 	if (pid != 0 && pid != task_pid_vnr(current))
 		return -EPERM;
 
-	if (copy_from_user(&kdata, data,
-			   tocopy * sizeof(struct __user_cap_data_struct)))
+	copybytes = tocopy * sizeof(struct __user_cap_data_struct);
+	if (copybytes > sizeof(kdata))
+		return -EFAULT;
+
+	if (copy_from_user(&kdata, data, copybytes))
 		return -EFAULT;
 
 	for (i = 0; i < tocopy; i++) {