kernel_samsung_smdk4412.git - kernel for Galaxy S3

diff options

author	Tommi Rantala <tt.rantala@gmail.com>	2012-11-22 03:23:16 +0000
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-01-11 09:03:35 -0800
commit	55fdb80050ce0f4a124d24bb5c6394f8f521260b (patch)
tree	4aad4c5c514e6807f043973f4cf8c8b8325dff95 /net/mac80211/rc80211_minstrel.c
parent	e620776f6cfe4e60acd2f2cec9210934cdb24b17 (diff)
download	kernel_samsung_smdk4412-55fdb80050ce0f4a124d24bb5c6394f8f521260b.zip kernel_samsung_smdk4412-55fdb80050ce0f4a124d24bb5c6394f8f521260b.tar.gz kernel_samsung_smdk4412-55fdb80050ce0f4a124d24bb5c6394f8f521260b.tar.bz2

sctp: fix -ENOMEM result with invalid user space pointer in sendto() syscall

[ Upstream commit 6e51fe7572590d8d86e93b547fab6693d305fd0d ] Consider the following program, that sets the second argument to the sendto() syscall incorrectly: #include <string.h> #include <arpa/inet.h> #include <sys/socket.h> int main(void) { int fd; struct sockaddr_in sa; fd = socket(AF_INET, SOCK_STREAM, 132 /*IPPROTO_SCTP*/); if (fd < 0) return 1; memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr("127.0.0.1"); sa.sin_port = htons(11111); sendto(fd, NULL, 1, 0, (struct sockaddr *)&sa, sizeof(sa)); return 0; } We get -ENOMEM: $ strace -e sendto ./demo sendto(3, NULL, 1, 0, {sa_family=AF_INET, sin_port=htons(11111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ENOMEM (Cannot allocate memory) Propagate the error code from sctp_user_addto_chunk(), so that we will tell user space what actually went wrong: $ strace -e sendto ./demo sendto(3, NULL, 1, 0, {sa_family=AF_INET, sin_port=htons(11111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EFAULT (Bad address) Noticed while running Trinity (the syscall fuzzer). Signed-off-by: Tommi Rantala <tt.rantala@gmail.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'net/mac80211/rc80211_minstrel.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: