[NET]: Fix function put_cmsg() which may cause usr application memory overflow
diff --git
a/net/core/scm.c
b/net/core/scm.c
index
100ba6d
..
10f5c65
100644
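--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -196,6 +196,8 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
 if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
 goto out;
 cmlen = CMSG_SPACE(len);
+ if (msg->msg_controllen < cmlen)
+ cmlen = msg->msg_controllen;
 msg->msg_control += cmlen;
 msg->msg_controllen -= cmlen;
 err = 0;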
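Review bot: The clamp added before `msg->msg_control += cmlen;` has no comment explaining why it is needed, and the reason is easy to miss. `CMSG_SPACE(len)` includes alignment padding, so it can be larger than the remaining `msg->msg_controllen` even when the copy above succeeded, and the subtraction on the following line would then wrap the remaining length so later calls appear to have room they do not. I would add `/* CMSG_SPACE() padding may exceed what is left; clamp so msg_controllen cannot wrap */` above the `if`. The comparison also mixes `msg->msg_controllen` with `cmlen`, whose declaration is outside the hunk; if `cmlen` is a signed `int` like `len`, it is worth confirming that a negative or oversized `len` is rejected earlier in put_cmsg(). The function body starts and ends outside the hunk.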