SUNRPC: Never reuse the socket port after an xs_close()

[firefly-linux-kernel-4.4.55.git] / net / socket.c

diff --git a/net/socket.c b/net/socket.c
index 49917a1cac7d921f6fae418bb89a19a4e9e02a1f..d449812d6208d337d0d927d47401ca62346632ea 100644 (file)
--- a/net/socket.c
+++ b/net/socket.c
@@ -1673,6 +1673,8 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
        struct iovec iov;
        int fput_needed;
 
+       if (len > INT_MAX)
+               len = INT_MAX;
        sock = sockfd_lookup_light(fd, &err, &fput_needed);
        if (!sock)
                goto out;
@@ -1730,6 +1732,8 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
        int err, err2;
        int fput_needed;
 
+       if (size > INT_MAX)
+               size = INT_MAX;
        sock = sockfd_lookup_light(fd, &err, &fput_needed);
        if (!sock)
                goto out;
@@ -2098,12 +2102,17 @@ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
        unsigned long a[6];
        unsigned long a0, a1;
        int err;
+       unsigned int len;
 
        if (call < 1 || call > SYS_ACCEPT4)
                return -EINVAL;
 
+       len = nargs[call];
+       if (len > sizeof(a))
+               return -EINVAL;
+
        /* copy_from_user should be SMP safe. */
-       if (copy_from_user(a, args, nargs[call]))
+       if (copy_from_user(a, args, len))
                return -EFAULT;
 
        audit_socketcall(nargs[call] / sizeof(unsigned long), a);
@@ -2386,7 +2395,7 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
 }
 
 int kernel_setsockopt(struct socket *sock, int level, int optname,
-                       char *optval, int optlen)
+                       char *optval, unsigned int optlen)
 {
        mm_segment_t oldfs = get_fs();
        int err;