On 22.12.2015 12:46, Huw Davies wrote: > tot_len += sizeof(*opt2); > - opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC); > + if (sk) > + opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC); > + else > + opt2 = kmalloc(tot_len, GFP_ATOMIC); > if (!opt2) > return ERR_PTR(-ENOBUFS);
This change looks dangerous to me in terms of control of memory depletion from a remote host. Could you use sk_to_full_sk and account options towards the listener socket? -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
