[PATCH] ieee802154: verify packet size before trying to allocate it

From: Sasha Levin
Date: Wed Jun 06 2012 - 17:30:58 EST

Next message: Thomas Gleixner: "Re: [patch 1/6] x86: mce: Create devices in CPU_UP_PREPARE"
Previous message: Sam Ravnborg: "[PATCH] kbuild: always show verbose section mismatch warnings"
Next in thread: David Miller: "Re: [PATCH] ieee802154: verify packet size before trying toallocate it"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Currently when sending data over datagram, the send function will attempt to
allocate any size passed on from the userspace.

We should make sure that this size is checked and limited. The maximum size
of an IP packet seemed like the safest limit here.

Signed-off-by: Sasha Levin <levinsasha928@xxxxxxxxx>
---
net/ieee802154/dgram.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/net/ieee802154/dgram.c b/net/ieee802154/dgram.c
index 6fbb2ad..cf5070b 100644
--- a/net/ieee802154/dgram.c
+++ b/net/ieee802154/dgram.c
@@ -232,6 +232,10 @@ static int dgram_sendmsg(struct kiocb *iocb, struct sock *sk,

hlen = LL_RESERVED_SPACE(dev);
tlen = dev->needed_tailroom;
+ if (hlen + tlen + size > USHRT_MAX) {
+ err = -EMSGSIZE;
+ goto out;
+ }
skb = sock_alloc_send_skb(sk, hlen + tlen + size,
msg->msg_flags & MSG_DONTWAIT,
&err);
--
1.7.8.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thomas Gleixner: "Re: [patch 1/6] x86: mce: Create devices in CPU_UP_PREPARE"
Previous message: Sam Ravnborg: "[PATCH] kbuild: always show verbose section mismatch warnings"
Next in thread: David Miller: "Re: [PATCH] ieee802154: verify packet size before trying toallocate it"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]