From: Al Viro Date: Tue, 21 Nov 2006 01:03:18 +0000 (-0800) Subject: [SCTP] bug: endianness problem in sctp_getsockopt_sctp_status() X-Git-Tag: v2.6.20-rc1~34^2~40^2~228 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30330ee00ce077de9d459c17125573ff618bd7a9;p=linux-2.6 [SCTP] bug: endianness problem in sctp_getsockopt_sctp_status() Again, invalid sockaddr passed to userland - host-endiand sin_port. Potential leak, again, but less dramatic than in previous case. Signed-off-by: Al Viro Signed-off-by: David S. Miller --- diff --git a/net/sctp/socket.c b/net/sctp/socket.c index f4d13ab79f..b6e038a387 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3217,8 +3217,8 @@ static int sctp_getsockopt_sctp_status(struct sock *sk, int len, status.sstat_outstrms = asoc->c.sinit_num_ostreams; status.sstat_fragmentation_point = asoc->frag_point; status.sstat_primary.spinfo_assoc_id = sctp_assoc2id(transport->asoc); - memcpy(&status.sstat_primary.spinfo_address, - &(transport->ipaddr), sizeof(union sctp_addr)); + flip_to_n((union sctp_addr *)&status.sstat_primary.spinfo_address, + &transport->ipaddr); /* Map ipv4 address into v4-mapped-on-v6 address. */ sctp_get_pf_specific(sk->sk_family)->addr_v4map(sctp_sk(sk), (union sctp_addr *)&status.sstat_primary.spinfo_address);