projects
/
firefly-linux-kernel-4.4.55.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
af_unix: Only allow recv on connected seqpacket sockets.
[firefly-linux-kernel-4.4.55.git]
/
net
/
socket.c
diff --git
a/net/socket.c
b/net/socket.c
index 49917a1cac7d921f6fae418bb89a19a4e9e02a1f..d449812d6208d337d0d927d47401ca62346632ea 100644
(file)
--- a/
net/socket.c
+++ b/
net/socket.c
@@
-1673,6
+1673,8
@@
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
struct iovec iov;
int fput_needed;
struct iovec iov;
int fput_needed;
+ if (len > INT_MAX)
+ len = INT_MAX;
sock = sockfd_lookup_light(fd, &err, &fput_needed);
if (!sock)
goto out;
sock = sockfd_lookup_light(fd, &err, &fput_needed);
if (!sock)
goto out;
@@
-1730,6
+1732,8
@@
SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
int err, err2;
int fput_needed;
int err, err2;
int fput_needed;
+ if (size > INT_MAX)
+ size = INT_MAX;
sock = sockfd_lookup_light(fd, &err, &fput_needed);
if (!sock)
goto out;
sock = sockfd_lookup_light(fd, &err, &fput_needed);
if (!sock)
goto out;
@@
-2098,12
+2102,17
@@
SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
unsigned long a[6];
unsigned long a0, a1;
int err;
unsigned long a[6];
unsigned long a0, a1;
int err;
+ unsigned int len;
if (call < 1 || call > SYS_ACCEPT4)
return -EINVAL;
if (call < 1 || call > SYS_ACCEPT4)
return -EINVAL;
+ len = nargs[call];
+ if (len > sizeof(a))
+ return -EINVAL;
+
/* copy_from_user should be SMP safe. */
/* copy_from_user should be SMP safe. */
- if (copy_from_user(a, args,
nargs[call]
))
+ if (copy_from_user(a, args,
len
))
return -EFAULT;
audit_socketcall(nargs[call] / sizeof(unsigned long), a);
return -EFAULT;
audit_socketcall(nargs[call] / sizeof(unsigned long), a);
@@
-2386,7
+2395,7
@@
int kernel_getsockopt(struct socket *sock, int level, int optname,
}
int kernel_setsockopt(struct socket *sock, int level, int optname,
}
int kernel_setsockopt(struct socket *sock, int level, int optname,
- char *optval, int optlen)
+ char *optval,
unsigned
int optlen)
{
mm_segment_t oldfs = get_fs();
int err;
{
mm_segment_t oldfs = get_fs();
int err;