2.4.36-stable kernel tree
Revision | 9143f9a4c34cd8b918fef698960994a70dbebc9a (tree) |
---|---|
Zeit | 2005-06-20 12:23:14 |
Autor | David S. Miller <davem@dave...> |
Commiter | David S. Miller |
[SPARC64]: Fix cmsg length checks in Solaris emulation layer.
Signed-off-by: David S. Miller <davem@davemloft.net>
@@ -410,8 +410,10 @@ asmlinkage int solaris_sendmsg(int fd, struct sol_nmsghdr *user_msg, unsigned us | ||
410 | 410 | unsigned long *kcmsg; |
411 | 411 | __kernel_size_t32 cmlen; |
412 | 412 | |
413 | - if(kern_msg.msg_controllen > sizeof(ctl) && | |
414 | - kern_msg.msg_controllen <= 256) { | |
413 | + if (kern_msg.msg_controllen <= sizeof(__kernel_size_t32)) | |
414 | + return -EINVAL; | |
415 | + | |
416 | + if(kern_msg.msg_controllen > sizeof(ctl)) { | |
415 | 417 | err = -ENOBUFS; |
416 | 418 | ctl_buf = kmalloc(kern_msg.msg_controllen, GFP_KERNEL); |
417 | 419 | if(!ctl_buf) |