git.openpandora.org / pandora-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[NET]: Fix function put_cmsg() which may cause usr application memory overflow
[pandora-kernel.git] / net / core / scm.c
diff --git a/net/core/scm.c b/net/core/scm.c
index 100ba6d..10f5c65 100644 (file)
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -196,6 +196,8 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
        if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
                goto out;
        cmlen = CMSG_SPACE(len);
+       if (msg->msg_controllen < cmlen)
+               cmlen = msg->msg_controllen;
        msg->msg_control += cmlen;
        msg->msg_controllen -= cmlen;
        err = 0;
Pandora Kernel Repository