summaryrefslogtreecommitdiff
path: root/net/sctp
diff options
context:
space:
mode:
authorGuenter Roeck <linux@roeck-us.net>2013-02-27 14:57:31 +0400
committerDavid S. Miller <davem@davemloft.net>2013-02-28 01:09:19 +0400
commit726bc6b092da4c093eb74d13c07184b18c1af0f1 (patch)
tree4895b99cab1b958007b0b71d4dd49947f41e234a /net/sctp
parent45af3fb4a018ef84bf1c9f2dfbd887a41242e77f (diff)
downloadlinux-726bc6b092da4c093eb74d13c07184b18c1af0f1.tar.xz
net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS
Building sctp may fail with: In function ‘copy_from_user’, inlined from ‘sctp_getsockopt_assoc_stats’ at net/sctp/socket.c:5656:20: arch/x86/include/asm/uaccess_32.h:211:26: error: call to ‘copy_from_user_overflow’ declared with attribute error: copy_from_user() buffer size is not provably correct if built with W=1 due to a missing parameter size validation before the call to copy_from_user. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp')
-rw-r--r--net/sctp/socket.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index cedd9bf67b8c..9ef5c7312e12 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5653,6 +5653,9 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len,
if (len < sizeof(sctp_assoc_t))
return -EINVAL;
+ /* Allow the struct to grow and fill in as much as possible */
+ len = min_t(size_t, len, sizeof(sas));
+
if (copy_from_user(&sas, optval, len))
return -EFAULT;
@@ -5686,9 +5689,6 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len,
/* Mark beginning of a new observation period */
asoc->stats.max_obs_rto = asoc->rto_min;
- /* Allow the struct to grow and fill in as much as possible */
- len = min_t(size_t, len, sizeof(sas));
-
if (put_user(len, optlen))
return -EFAULT;