From: Ursula Braun <braunu@de.ibm.com>
Date: Mon, 9 Jun 2008 22:51:03 +0000 (-0700)
Subject: af_iucv: exploit target message class support of IUCV
X-Git-Tag: firefly_0821_release~19559^2~350
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=469689a4dd476c1be6750deea5f59528a17b8b4a;p=firefly-linux-kernel-4.4.55.git

af_iucv: exploit target message class support of IUCV

The first 4 bytes of data to be sent are stored additionally into
the message class field of the send request. A receiving target
program (not an af_iucv socket program) can make use of this
information to pre-screen incoming messages.

Signed-off-by: Ursula Braun <braunu@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 7b0038f45b16..58e4aee3e696 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -644,6 +644,7 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
 		}
 
 		txmsg.class = 0;
+		memcpy(&txmsg.class, skb->data, skb->len >= 4 ? 4 : skb->len);
 		txmsg.tag = iucv->send_tag++;
 		memcpy(skb->cb, &txmsg.tag, 4);
 		skb_queue_tail(&iucv->send_skb_q, skb);