From: Ursula Braun Date: Mon, 9 Jun 2008 22:51:03 +0000 (-0700) Subject: af_iucv: exploit target message class support of IUCV X-Git-Tag: v2.6.27-rc1~969^2~349 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=469689a4dd476c1be6750deea5f59528a17b8b4a;p=linux-2.6 af_iucv: exploit target message class support of IUCV The first 4 bytes of data to be sent are stored additionally into the message class field of the send request. A receiving target program (not an af_iucv socket program) can make use of this information to pre-screen incoming messages. Signed-off-by: Ursula Braun Signed-off-by: David S. Miller --- diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c index 7b0038f45b..58e4aee3e6 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -644,6 +644,7 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock, } txmsg.class = 0; + memcpy(&txmsg.class, skb->data, skb->len >= 4 ? 4 : skb->len); txmsg.tag = iucv->send_tag++; memcpy(skb->cb, &txmsg.tag, 4); skb_queue_tail(&iucv->send_skb_q, skb);