diff options
| author | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2016-12-13 02:30:23 +0100 |
|---|---|---|
| committer | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2016-12-13 02:30:23 +0100 |
| commit | 2ecd9abf516e5e4afc482eb0329f9304aed285b4 (patch) | |
| tree | a2980c05f50df82d6d043e4e44ecaf2023220870 /net/socket.c | |
| parent | 698f3e8de2f0104dc80402ea151aae73b946a2d9 (diff) | |
| parent | a04b065c010280ed1806c73cb234a2bf657a5ce9 (diff) | |
| download | kernel_samsung_smdk4412-2ecd9abf516e5e4afc482eb0329f9304aed285b4.zip kernel_samsung_smdk4412-2ecd9abf516e5e4afc482eb0329f9304aed285b4.tar.gz kernel_samsung_smdk4412-2ecd9abf516e5e4afc482eb0329f9304aed285b4.tar.bz2 | |
Merge branch 'cm-13.0' of https://github.com/CyanogenMod/android_kernel_samsung_smdk4412 into replicant-6.0
Diffstat (limited to 'net/socket.c')
| -rw-r--r-- | net/socket.c | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/net/socket.c b/net/socket.c index e4c7f90..3b5e6bb 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1683,6 +1683,8 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, if (len > INT_MAX) len = INT_MAX; + if (unlikely(!access_ok(VERIFY_READ, buff, len))) + return -EFAULT; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; @@ -1742,6 +1744,8 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, if (size > INT_MAX) size = INT_MAX; + if (unlikely(!access_ok(VERIFY_WRITE, ubuf, size))) + return -EFAULT; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; @@ -2294,31 +2298,31 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, break; } -out_put: - fput_light(sock->file, fput_needed); - if (err == 0) - return datagrams; + goto out_put; + + if (datagrams == 0) { + datagrams = err; + goto out_put; + } - if (datagrams != 0) { + /* + * We may return less entries than requested (vlen) if the + * sock is non block and there aren't enough datagrams... + */ + if (err != -EAGAIN) { /* - * We may return less entries than requested (vlen) if the - * sock is non block and there aren't enough datagrams... + * ... or if recvmsg returns an error after we + * received some datagrams, where we record the + * error to return on the next call or if the + * app asks about it using getsockopt(SO_ERROR). */ - if (err != -EAGAIN) { - /* - * ... or if recvmsg returns an error after we - * received some datagrams, where we record the - * error to return on the next call or if the - * app asks about it using getsockopt(SO_ERROR). - */ - sock->sk->sk_err = -err; - } - - return datagrams; + sock->sk->sk_err = -err; } +out_put: + fput_light(sock->file, fput_needed); - return err; + return datagrams; } SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg, |