patch-2.2.7 linux/net/core/scm.c
- Lines: 17
- Date:
Thu Apr 22 19:45:19 1999
- Orig file:
v2.2.6/linux/net/core/scm.c
- Orig date:
Wed Mar 10 15:29:52 1999
diff -u --recursive --new-file v2.2.6/linux/net/core/scm.c linux/net/core/scm.c
@@ -122,7 +122,15 @@
err = -EINVAL;
/* Verify that cmsg_len is at least sizeof(struct cmsghdr) */
- if ((unsigned long)(((char*)cmsg - (char*)msg->msg_control)
+ /* The first check was omitted in <= 2.2.5. The reasoning was
+ that parser checks cmsg_len in any case, so that
+ additional check would be work duplication.
+ But if cmsg_level is not SOL_SOCKET, we do not check
+ for too short ancillary data object at all! Oops.
+ OK, let's add it...
+ */
+ if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
+ (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
+ cmsg->cmsg_len) > msg->msg_controllen)
goto error;
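Review bot: The upper-bound half of the new condition still adds `cmsg->cmsg_len` to the offset of `cmsg` before comparing with `msg->msg_controllen`, so if `cmsg_len` is as wide as `unsigned long`, a very large value can wrap the sum and be accepted. The added `cmsg->cmsg_len < sizeof(struct cmsghdr)` test rejects only lengths that are too short. Comparing by subtraction avoids the wrap: `cmsg->cmsg_len > msg->msg_controllen - (unsigned long)((char*)cmsg - (char*)msg->msg_control)`. This assumes the loop that yields `cmsg` keeps it inside the control buffer; that loop starts outside the hunk and should be confirmed. The older one-line comment above the new block now says the same thing as the new comment and could be merged into it.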