In article <[email protected]> (at Tue, 22 Nov 2005 11:51:31 +0100), Hagen Paul Pfeifer <[email protected]> says:
> Setsockopt in DCCP make the assumption that sizeof(int) is the same as
> sizeof(u32), that isn't correct at all. ;)
The patch is not correct.
I think we should use int for DCCP_SOCKOPT_SERVICE.
Signed-off-by: YOSHIFUJI Hideaki <[email protected]>
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 8a6b2a9..f4299db 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -211,14 +211,21 @@ int dccp_ioctl(struct sock *sk, int cmd,
return -ENOIOCTLCMD;
}
-static int dccp_setsockopt_service(struct sock *sk, const u32 service,
+static int dccp_setsockopt_service(struct sock *sk,
char __user *optval, int optlen)
{
+ u32 service;
struct dccp_sock *dp = dccp_sk(sk);
struct dccp_service_list *sl = NULL;
- if (service == DCCP_SERVICE_INVALID_VALUE ||
- optlen > DCCP_SERVICE_LIST_MAX_LEN * sizeof(u32))
+ if (optlen < sizeof(u32) ||
+ optlen > DCCP_SERCICE_LISR_MAX_LEN * sizeof(u32))
+ return -EINVAL;
+
+ if (get_user(service, (u32 __user *)optval))
+ return -EFAULT;
+
+ if (service == DCCP_SERVICE_INVALID_VALUE)
return -EINVAL;
if (optlen > sizeof(service)) {
@@ -256,14 +263,14 @@ int dccp_setsockopt(struct sock *sk, int
if (level != SOL_DCCP)
return ip_setsockopt(sk, level, optname, optval, optlen);
+ if (optname == DCCP_SOCKOPT_SERVICE)
+ return dccp_setsockopt_service(sk, optval, optlen);
+
if (optlen < sizeof(int))
return -EINVAL;
if (get_user(val, (int __user *)optval))
return -EFAULT;
-
- if (optname == DCCP_SOCKOPT_SERVICE)
- return dccp_setsockopt_service(sk, val, optval, optlen);
lock_sock(sk);
dp = dccp_sk(sk);
--
YOSHIFUJI Hideaki @ USAGI Project <[email protected]>
GPG-FP : 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]