diff options
author | Matthias Rosenfelder <mrosenfelder.lkml@gmail.com> | 2017-07-06 07:56:36 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-07-06 12:58:19 +0300 |
commit | 5a3b886c3cc5de1b9ec618bf27e1b31c6624f3ca (patch) | |
tree | 44ee8905a9dda4c6c90f2b3527ea1ef5181f3bb4 /net | |
parent | e8f37d57dff20a455abb36942e326073dd47738d (diff) | |
download | linux-5a3b886c3cc5de1b9ec618bf27e1b31c6624f3ca.tar.xz |
TLS: Fix length check in do_tls_getsockopt_tx()
copy_to_user() copies the struct the pointer is pointing to, but the
length check compares against sizeof(pointer) and not sizeof(struct).
On 32-bit the size is probably the same, so it might have worked
accidentally.
Signed-off-by: Matthias Rosenfelder <mrosenfelder.lkml@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/tls/tls_main.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index a03130a47b85..60aff60e30ad 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -272,7 +272,7 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval, goto out; } - if (len == sizeof(crypto_info)) { + if (len == sizeof(*crypto_info)) { if (copy_to_user(optval, crypto_info, sizeof(*crypto_info))) rc = -EFAULT; goto out; |