Commit fcdf47f9 authored by Arnaldo Carvalho de Melo's avatar Arnaldo Carvalho de Melo Committed by Greg Kroah-Hartman

dccp: change L/R must have at least one byte in the dccpsf_val field

commit 3e8a0a55 upstream

Thanks to Eugene Teo for reporting this problem.
Signed-off-by: default avatarEugene Teo <eugeneteo@kernel.sg>
Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: default avatarGerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 90cc576c
...@@ -476,6 +476,11 @@ static int dccp_setsockopt_change(struct sock *sk, int type, ...@@ -476,6 +476,11 @@ static int dccp_setsockopt_change(struct sock *sk, int type,
if (copy_from_user(&opt, optval, sizeof(opt))) if (copy_from_user(&opt, optval, sizeof(opt)))
return -EFAULT; return -EFAULT;
/*
* rfc4340: 6.1. Change Options
*/
if (opt.dccpsf_len < 1)
return -EINVAL;
val = kmalloc(opt.dccpsf_len, GFP_KERNEL); val = kmalloc(opt.dccpsf_len, GFP_KERNEL);
if (!val) if (!val)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment