Attachment 314378 Details for Bug 459226 – Upstream patch for this issue

[patch] Upstream patch for this issue

0001-dccp-change-L-R-must-have-at-least-one-byte-in-the.patch (text/plain), 1.01 KB, created by Eugene Teo (Security Response) on 2008-08-15 07:47:00 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Eugene Teo (Security Response)

Created: 2008-08-15 07:47:00 UTC

Size: 1.01 KB

patch

obsolete

>From 3e8a0a559c66ee9e7468195691a56fefc3589740 Mon Sep 17 00:00:00 2001
>From: Arnaldo Carvalho de Melo <acme@redhat.com>
>Date: Wed, 13 Aug 2008 13:48:39 -0700
>Subject: [PATCH] dccp: change L/R must have at least one byte in the dccpsf_val field
>
>Thanks to Eugene Teo for reporting this problem.
>
>Signed-off-by: Eugene Teo <eugenete@kernel.sg>
>Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
>Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
>Signed-off-by: David S. Miller <davem@davemloft.net>
>---
> net/dccp/proto.c |    5 +++++
> 1 files changed, 5 insertions(+), 0 deletions(-)
>
>diff --git a/net/dccp/proto.c b/net/dccp/proto.c
>index b622d97..1ca3b26 100644
>--- a/net/dccp/proto.c
>+++ b/net/dccp/proto.c
>@@ -474,6 +474,11 @@ static int dccp_setsockopt_change(struct sock *sk, int type,
> 
> 	if (copy_from_user(&opt, optval, sizeof(opt)))
> 		return -EFAULT;
>+	/*
>+	 * rfc4340: 6.1. Change Options
>+	 */
>+	if (opt.dccpsf_len < 1)
>+		return -EINVAL;
> 
> 	val = kmalloc(opt.dccpsf_len, GFP_KERNEL);
> 	if (!val)
>-- 
>1.5.5.1
>

Actions: View | Diff

Attachments on bug 459226: 314378 | 314606