Re: [PATCH net] fix a braino in cmsghdr_from_user_compat_to_kern()

From: David Miller
Date: Mon Jul 27 2020 - 16:26:01 EST


From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date: Mon, 27 Jul 2020 19:22:20 +0100

> commit 547ce4cfb34c ("switch cmsghdr_from_user_compat_to_kern() to
> copy_from_user()") missed one of the places where ucmlen should've been
> replaced with cmsg.cmsg_len, now that we are fetching the entire struct
> rather than doing it field-by-field.
>
> As the result, compat sendmsg() with several different-sized cmsg
> attached started to fail with EINVAL. Trivial to fix, fortunately.
>
> Reported-by: Nick Bowler <nbowler@xxxxxxxxxx>
> Tested-by: Nick Bowler <nbowler@xxxxxxxxxx>
> Fixes: 547ce4cfb34c ("switch cmsghdr_from_user_compat_to_kern() to copy_from_user()")
>
> Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

Applied, thanks Al.