Skip to content

Commit

Permalink
caif: don't set connection request param size before copying data
Browse files Browse the repository at this point in the history 
The size field should not be set until after the data is successfully
copied in.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Dan Rosenberg authored and David S. Miller committed Jan 11, 2011
1 parent 80ce3f6 commit 91b5c98
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/caif/caif_socket.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -740,12 +740,12 @@ static int setsockopt(struct socket *sock,
if (cf_sk->sk.sk_protocol != CAIFPROTO_UTIL)
return -ENOPROTOOPT;
lock_sock(&(cf_sk->sk));
cf_sk->conn_req.param.size = ol;
if (ol > sizeof(cf_sk->conn_req.param.data) ||
copy_from_user(&cf_sk->conn_req.param.data, ov, ol)) {
release_sock(&cf_sk->sk);
return -EINVAL;
}
cf_sk->conn_req.param.size = ol;
release_sock(&cf_sk->sk);
return 0;

Expand Down

0 comments on commit 91b5c98

Please sign in to comment.