diff options
| author | Arnaldo Carvalho de Melo | 2008-08-13 22:48:39 +0200 |
|---|---|---|
| committer | David S. Miller | 2008-08-13 22:48:39 +0200 |
| commit | 3e8a0a559c66ee9e7468195691a56fefc3589740 (patch) | |
| tree | cc54fecf644c138c38dd29b960c7dc42cbe6b558 | |
| parent | xfrm: remove unnecessary variable in xfrm_output_resume() 2nd try (diff) | |
| download | kernel-qcow2-linux-3e8a0a559c66ee9e7468195691a56fefc3589740.tar.gz kernel-qcow2-linux-3e8a0a559c66ee9e7468195691a56fefc3589740.tar.xz kernel-qcow2-linux-3e8a0a559c66ee9e7468195691a56fefc3589740.zip | |
dccp: change L/R must have at least one byte in the dccpsf_val field
Thanks to Eugene Teo for reporting this problem.
Signed-off-by: Eugene Teo <eugenete@kernel.sg>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/dccp/proto.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/dccp/proto.c b/net/dccp/proto.c index b622d9744856..1ca3b26eed0f 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -474,6 +474,11 @@ static int dccp_setsockopt_change(struct sock *sk, int type, if (copy_from_user(&opt, optval, sizeof(opt))) return -EFAULT; + /* + * rfc4340: 6.1. Change Options + */ + if (opt.dccpsf_len < 1) + return -EINVAL; val = kmalloc(opt.dccpsf_len, GFP_KERNEL); if (!val) |