From: Jiri Kosina <[EMAIL PROTECTED]> DCCP: proper optlen checking in do_dccp_getsockopt()
Robert Swiecki discovered [1] a signedness bug in checking of optlen in do_dccp_getsockopt(). This bug can allow user to read parts of the kernel memory. [1] http://www.securityfocus.com/archive/1/463934/30/0/threaded Cc: Robert Święcki <[EMAIL PROTECTED]> Signed-off-by: Jiri Kosina <[EMAIL PROTECTED]> net/dccp/proto.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/dccp/proto.c b/net/dccp/proto.c index cf28c53..5239f26 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -575,7 +575,7 @@ static int do_dccp_getsockopt(struct sock *sk, int level, int optname, if (get_user(len, optlen)) return -EFAULT; - if (len < sizeof(int)) + if (len < 1) return -EINVAL; dp = dccp_sk(sk);
