From: David S. Miller
Date: Tue, 21 Jun 2005 22:39:22 +0000 (-0700)
Subject: [SPARC64]: Fix cmsg length checks in Solaris emulation layer.
X-Git-Tag: v2.6.13-rc1~68^2~582^2~168^2~1
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8005aba69a6440a535a4cc2aed99ffca580847e0;p=linux-2.6
[SPARC64]: Fix cmsg length checks in Solaris emulation layer.
Signed-off-by: David S. Miller
---
diff --git a/arch/sparc64/solaris/socket.c b/arch/sparc64/solaris/socket.c
index ec8e074c4e..0674058271 100644
--- a/arch/sparc64/solaris/socket.c
+++ b/arch/sparc64/solaris/socket.c
@@ -317,8 +317,10 @@ asmlinkage int solaris_sendmsg(int fd, struct sol_nmsghdr __user *user_msg, unsi
 unsigned long *kcmsg;
 compat_size_t cmlen;
 
- if(kern_msg.msg_controllen > sizeof(ctl) &&
- kern_msg.msg_controllen <= 256) {
+ if (kern_msg.msg_controllen <= sizeof(compat_size_t))
+ return -EINVAL;
+
+ if(kern_msg.msg_controllen > sizeof(ctl)) {
 err = -ENOBUFS;
 ctl_buf = kmalloc(kern_msg.msg_controllen, GFP_KERNEL);
 if(!ctl_buf)
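Review bot: With the `<= 256` clause removed, `kmalloc(kern_msg.msg_controllen, GFP_KERNEL)` in the `> sizeof(ctl)` branch is sized by a length taken from the caller's message header, and no upper bound is visible in this hunk. The allocation failure is handled, but an explicit cap ahead of the branch would stop a caller from driving arbitrarily large kernel allocations, for example `if (kern_msg.msg_controllen > MAX_CTL_LEN /* placeholder limit */) return -ENOBUFS;`. Separately, the new `return -EINVAL;` exits directly while the neighbouring lines set `err` before acting, which suggests a shared cleanup path. The rest of solaris_sendmsg lies outside the hunk, so confirm that nothing acquired earlier in the function is leaked on that return.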