2005-11-22 10:51:33

by Hagen Paul Pfeifer

Subject: [PATCH] dccp sizeof correction


Setsockopt in DCCP makes the assumption that sizeof(int) is the same as
sizeof(u32), that isn't correct at all. ;)

best regards

HGN


Signed-off-by: Hagen Paul Pfeifer <[email protected]>

net/dccp/proto.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

applies-to: 69ebfee77c8a174c87ea8ed31e023c94b09a9d6e
d24574ecf034d259882a6de16d27aff60c009c8d
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index a021c34..a1be808 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -256,7 +256,7 @@ int dccp_setsockopt(struct sock *sk, int
if (level != SOL_DCCP)
return ip_setsockopt(sk, level, optname, optval, optlen);

- if (optlen < sizeof(int))
+ if (optlen < sizeof(u32))
return -EINVAL;

if (get_user(val, (int __user *)optval))
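
Review bot: The length check now uses sizeof(u32), but the get_user() on the following context line still reads through `(int __user *)optval` into `val`, so the validated length and the width of the user-space read are expressed in two different types. Either keep the check as sizeof(int) so it matches the read, or change the read and the type of `val` in the same patch; changing only the check leaves the two out of step for the options that really are plain int.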
---
0.99.9g


2005-11-22 11:09:17

by YOSHIFUJI Hideaki

Subject: Re: [PATCH] dccp sizeof correction

In article <[email protected]> (at Tue, 22 Nov 2005 11:51:31 +0100), Hagen Paul Pfeifer <[email protected]> says:

> Setsockopt in DCCP makes the assumption that sizeof(int) is the same as
> sizeof(u32), that isn't correct at all. ;)

The patch is not correct.
I think we should use int for DCCP_SOCKOPT_SERVICE.

Signed-off-by: YOSHIFUJI Hideaki <[email protected]>

diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 8a6b2a9..f4299db 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -211,14 +211,21 @@ int dccp_ioctl(struct sock *sk, int cmd,
return -ENOIOCTLCMD;
}

-static int dccp_setsockopt_service(struct sock *sk, const u32 service,
+static int dccp_setsockopt_service(struct sock *sk,
char __user *optval, int optlen)
{
+ u32 service;
struct dccp_sock *dp = dccp_sk(sk);
struct dccp_service_list *sl = NULL;

- if (service == DCCP_SERVICE_INVALID_VALUE ||
- optlen > DCCP_SERVICE_LIST_MAX_LEN * sizeof(u32))
+ if (optlen < sizeof(u32) ||
+ optlen > DCCP_SERCICE_LISR_MAX_LEN * sizeof(u32))
+ return -EINVAL;
+
+ if (get_user(service, (u32 __user *)optval))
+ return -EFAULT;
+
+ if (service == DCCP_SERVICE_INVALID_VALUE)
return -EINVAL;

if (optlen > sizeof(service)) {
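
Review bot: The added upper-bound check spells the constant `DCCP_SERCICE_LISR_MAX_LEN`, while the line it replaces uses `DCCP_SERVICE_LIST_MAX_LEN`, so this will not build as posted; please fix the identifier. The ordering itself is sound: optlen is bounded before get_user() fetches `service`, and the DCCP_SERVICE_INVALID_VALUE test runs only after the copy has succeeded. Note also that `optlen` is an int compared against a sizeof expression, so a negative length is rejected only through the unsigned conversion in the upper-bound test; an explicit `optlen < 0` check or an unsigned parameter would make that intent visible.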
@@ -256,14 +263,14 @@ int dccp_setsockopt(struct sock *sk, int
if (level != SOL_DCCP)
return ip_setsockopt(sk, level, optname, optval, optlen);

+ if (optname == DCCP_SOCKOPT_SERVICE)
+ return dccp_setsockopt_service(sk, optval, optlen);
+
if (optlen < sizeof(int))
return -EINVAL;

if (get_user(val, (int __user *)optval))
return -EFAULT;
-
- if (optname == DCCP_SOCKOPT_SERVICE)
- return dccp_setsockopt_service(sk, val, optval, optlen);

lock_sock(sk);
dp = dccp_sk(sk);
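
Review bot: The DCCP_SOCKOPT_SERVICE dispatch at the top of this hunk now runs before the generic `optlen < sizeof(int)` check and the get_user() into `val`, so that option depends entirely on the helper's own length validation. A one-line comment above the early return saying that the service option takes a list of u32 values and validates its own optlen would stop a later cleanup from moving the dispatch back below the int-sized check. The return still happens before lock_sock(sk), as it did in the removed lines, so it is worth confirming in the changelog that the helper handles its own locking.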

--
YOSHIFUJI Hideaki @ USAGI Project <[email protected]>
GPG-FP : 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA