Commit 91b5c98c2e062f982423686c77b8bf31f37fa196
Committed by
David S. Miller
1 parent
80ce3f67e7
Exists in
master
and in
4 other branches
caif: don't set connection request param size before copying data
The size field should not be set until after the data is successfully copied in. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
net/caif/caif_socket.c
... | ... | @@ -740,12 +740,12 @@ |
740 | 740 | if (cf_sk->sk.sk_protocol != CAIFPROTO_UTIL) |
741 | 741 | return -ENOPROTOOPT; |
742 | 742 | lock_sock(&(cf_sk->sk)); |
743 | - cf_sk->conn_req.param.size = ol; | |
744 | 743 | if (ol > sizeof(cf_sk->conn_req.param.data) || |
745 | 744 | copy_from_user(&cf_sk->conn_req.param.data, ov, ol)) { |
746 | 745 | release_sock(&cf_sk->sk); |
747 | 746 | return -EINVAL; |
748 | 747 | } |
748 | + cf_sk->conn_req.param.size = ol; | |
749 | 749 | release_sock(&cf_sk->sk); |
750 | 750 | return 0; |
751 | 751 |