diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-08-27 17:38:07 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-08-27 17:38:07 -0700 |
commit | b09331e530777963ed65ce2fdf074b7b077768c7 (patch) | |
tree | 0354e5a7bb8ec3a7ae647b5ce71516f6a4979b05 /net/sctp/socket.c | |
parent | 4c246edd2550304df5b766cc841584b2bb058843 (diff) | |
parent | d97240552cd98c4b07322f30f66fd9c3ba4171de (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (55 commits)
sctp: fix random memory dereference with SCTP_HMAC_IDENT option.
sctp: correct bounds check in sctp_setsockopt_auth_key
wan: Missing capability checks in sbni_ioctl()
e100, fix iomap read
qeth: preallocated header account offset
qeth: l2 write unicast list to hardware
qeth: use -EOPNOTSUPP instead of -ENOTSUPP.
ibm_newemac: Don't call dev_mc_add() before device is registered
net: don't grab a mutex within a timer context in gianfar
forcedeth: fix checksum flag
net/usb/mcs7830: add set_mac_address
net/usb/mcs7830: new device IDs
[netdrvr] smc91x: fix resource removal (null ptr deref)
ibmveth: fix bad UDP checksums
[netdrvr] hso: dev_kfree_skb crash fix
[netdrvr] hso: icon 322 detection fix
atl1: disable TSO by default
atl1e: multistatement if missing braces
igb: remove 82576 quad adapter
drivers/net/skfp/ess.c: fix compile warnings
...
Diffstat (limited to 'net/sctp/socket.c')
-rw-r--r-- | net/sctp/socket.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c index afa952e726d..5ffb9dec1c3 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3086,6 +3086,7 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk, int optlen) { struct sctp_hmacalgo *hmacs; + u32 idents; int err; if (!sctp_auth_enable) @@ -3103,8 +3104,9 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk, goto out; } - if (hmacs->shmac_num_idents == 0 || - hmacs->shmac_num_idents > SCTP_AUTH_NUM_HMACS) { + idents = hmacs->shmac_num_idents; + if (idents == 0 || idents > SCTP_AUTH_NUM_HMACS || + (idents * sizeof(u16)) > (optlen - sizeof(struct sctp_hmacalgo))) { err = -EINVAL; goto out; } @@ -3144,7 +3146,7 @@ static int sctp_setsockopt_auth_key(struct sock *sk, goto out; } - if (authkey->sca_keylength > optlen) { + if (authkey->sca_keylength > optlen - sizeof(struct sctp_authkey)) { ret = -EINVAL; goto out; } |