net: Truncate recvfrom and sendto length to INT_MAX.

[pandora-kernel.git] / net / socket.c

diff --git a/net/socket.c b/net/socket.c
index 717a5f1..2808b4d 100644 (file)
--- a/net/socket.c
+++ b/net/socket.c
@@ -209,8 +209,8 @@ int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr *kaddr)
  *     specified. Zero is returned for a success.
  */
 
-int move_addr_to_user(struct sockaddr *kaddr, int klen, void __user *uaddr,
-                     int __user *ulen)
+static int move_addr_to_user(struct sockaddr *kaddr, int klen,
+                            void __user *uaddr, int __user *ulen)
 {
        int err;
        int len;
@@ -502,6 +502,7 @@ static int sock_no_open(struct inode *irrelevant, struct file *dontcare)
 const struct file_operations bad_sock_fops = {
        .owner = THIS_MODULE,
        .open = sock_no_open,
+       .llseek = noop_llseek,
 };
 
 /**
@@ -661,7 +662,8 @@ void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
 }
 EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
 
-inline void sock_recv_drops(struct msghdr *msg, struct sock *sk, struct sk_buff *skb)
+static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
+                                  struct sk_buff *skb)
 {
        if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && skb->dropcount)
                put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
@@ -1650,6 +1652,8 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
        struct iovec iov;
        int fput_needed;
 
+       if (len > INT_MAX)
+               len = INT_MAX;
        sock = sockfd_lookup_light(fd, &err, &fput_needed);
        if (!sock)
                goto out;
@@ -1707,6 +1711,8 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
        int err, err2;
        int fput_needed;
 
+       if (size > INT_MAX)
+               size = INT_MAX;
        sock = sockfd_lookup_light(fd, &err, &fput_needed);
        if (!sock)
                goto out;