In article <[EMAIL PROTECTED]> (at Tue, 22 Nov 2005 11:51:31 +0100), Hagen Paul
Pfeifer <[EMAIL PROTECTED]> says:
> Setsockopt in DCCP make the assumption that sizeof(int) is the same as
> sizeof(u32), that isn't correct at all. ;)
The patch is not correct.
I think we should use int for DCCP_SOCKOPT_SERVICE.
Signed-off-by: YOSHIFUJI Hideaki <[EMAIL PROTECTED]>
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index 8a6b2a9..f4299db 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -211,14 +211,21 @@ int dccp_ioctl(struct sock *sk, int cmd,
return -ENOIOCTLCMD;
}
-static int dccp_setsockopt_service(struct sock *sk, const u32 service,
+static int dccp_setsockopt_service(struct sock *sk,
char __user *optval, int optlen)
{
+ u32 service;
struct dccp_sock *dp = dccp_sk(sk);
struct dccp_service_list *sl = NULL;
- if (service == DCCP_SERVICE_INVALID_VALUE ||
- optlen > DCCP_SERVICE_LIST_MAX_LEN * sizeof(u32))
+ if (optlen < sizeof(u32) ||
+ optlen > DCCP_SERCICE_LISR_MAX_LEN * sizeof(u32))
+ return -EINVAL;
+
+ if (get_user(service, (u32 __user *)optval))
+ return -EFAULT;
+
+ if (service == DCCP_SERVICE_INVALID_VALUE)
return -EINVAL;
if (optlen > sizeof(service)) {
@@ -256,14 +263,14 @@ int dccp_setsockopt(struct sock *sk, int
if (level != SOL_DCCP)
return ip_setsockopt(sk, level, optname, optval, optlen);
+ if (optname == DCCP_SOCKOPT_SERVICE)
+ return dccp_setsockopt_service(sk, optval, optlen);
+
if (optlen < sizeof(int))
return -EINVAL;
if (get_user(val, (int __user *)optval))
return -EFAULT;
-
- if (optname == DCCP_SOCKOPT_SERVICE)
- return dccp_setsockopt_service(sk, val, optval, optlen);
lock_sock(sk);
dp = dccp_sk(sk);
--
YOSHIFUJI Hideaki @ USAGI Project <[EMAIL PROTECTED]>
GPG-FP : 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA
-
To unsubscribe from this list: send the line "unsubscribe dccp" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
