mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 05:35:54 +00:00
39 lines
1.1 KiB
Diff
39 lines
1.1 KiB
Diff
From 4de930efc23b92ddf88ce91c405ee645fe6e27ea Mon Sep 17 00:00:00 2001
|
|
From: Al Viro <viro@ZenIV.linux.org.uk>
|
|
Date: Fri, 20 Mar 2015 17:41:43 +0000
|
|
Subject: net: validate the range we feed to iov_iter_init() in
|
|
sys_sendto/sys_recvfrom
|
|
|
|
Cc: stable@vger.kernel.org # v3.19
|
|
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
---
|
|
net/socket.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/net/socket.c b/net/socket.c
|
|
index bbedbfc..245330c 100644
|
|
--- a/net/socket.c
|
|
+++ b/net/socket.c
|
|
@@ -1702,6 +1702,8 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
|
|
|
|
if (len > INT_MAX)
|
|
len = INT_MAX;
|
|
+ if (unlikely(!access_ok(VERIFY_READ, buff, len)))
|
|
+ return -EFAULT;
|
|
sock = sockfd_lookup_light(fd, &err, &fput_needed);
|
|
if (!sock)
|
|
goto out;
|
|
@@ -1760,6 +1762,8 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
|
|
|
|
if (size > INT_MAX)
|
|
size = INT_MAX;
|
|
+ if (unlikely(!access_ok(VERIFY_WRITE, ubuf, size)))
|
|
+ return -EFAULT;
|
|
sock = sockfd_lookup_light(fd, &err, &fput_needed);
|
|
if (!sock)
|
|
goto out;
|
|
--
|
|
cgit v1.1
|
|
|