diff options
author | David S. Miller <davem@davemloft.net> | 2005-06-21 15:39:22 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-06-21 15:39:22 -0700 |
commit | 8005aba69a6440a535a4cc2aed99ffca580847e0 (patch) | |
tree | d15f836f483ec374751fd9eda4a4f7a8b816eff5 /arch/sparc64 | |
parent | 1d345dac1f30af1cd9f3a1faa12f9f18f17f236e (diff) |
[SPARC64]: Fix cmsg length checks in Solaris emulation layer.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'arch/sparc64')
-rw-r--r-- | arch/sparc64/solaris/socket.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/arch/sparc64/solaris/socket.c b/arch/sparc64/solaris/socket.c index ec8e074c4ea..06740582717 100644 --- a/arch/sparc64/solaris/socket.c +++ b/arch/sparc64/solaris/socket.c @@ -317,8 +317,10 @@ asmlinkage int solaris_sendmsg(int fd, struct sol_nmsghdr __user *user_msg, unsi unsigned long *kcmsg; compat_size_t cmlen; - if(kern_msg.msg_controllen > sizeof(ctl) && - kern_msg.msg_controllen <= 256) { + if (kern_msg.msg_controllen <= sizeof(compat_size_t)) + return -EINVAL; + + if(kern_msg.msg_controllen > sizeof(ctl)) { err = -ENOBUFS; ctl_buf = kmalloc(kern_msg.msg_controllen, GFP_KERNEL); if(!ctl_buf) |