[PATCH] DCCP: proper optlen checking in do_dccp_getsockopt()
From: Jiri Kosina
Date: Wed Mar 28 2007 - 14:57:24 EST
From: Jiri Kosina <jkosina@xxxxxxx>
DCCP: proper optlen checking in do_dccp_getsockopt()
Robert Swiecki discovered [1] a signedness bug in checking of
optlen in do_dccp_getsockopt(). This bug can allow user to
read parts of the kernel memory.
[1] http://www.securityfocus.com/archive/1/463934/30/0/threaded
Cc: Robert Święcki <jagger@xxxxxxxxxxx>
Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
net/dccp/proto.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index cf28c53..5239f26 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -575,7 +575,7 @@ static int do_dccp_getsockopt(struct sock *sk, int level, int optname,
if (get_user(len, optlen))
return -EFAULT;
- if (len < sizeof(int))
+ if (len < 1)
return -EINVAL;
dp = dccp_sk(sk);