|
Lines 124-129
Link Here
|
| 124 |
(struct compat_cmsghdr __user *)((msg)->msg_control) : \ |
124 |
(struct compat_cmsghdr __user *)((msg)->msg_control) : \ |
| 125 |
(struct compat_cmsghdr __user *)NULL) |
125 |
(struct compat_cmsghdr __user *)NULL) |
| 126 |
|
126 |
|
|
|
127 |
#define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \ |
| 128 |
((ucmlen) >= sizeof(struct cmsghdr) && \ |
| 129 |
(ucmlen) <= (unsigned long) \ |
| 130 |
((mhdr)->msg_controllen - \ |
| 131 |
((char *)(ucmsg) - (char *)(mhdr)->msg_control))) |
| 132 |
|
| 127 |
static inline struct compat_cmsghdr __user *cmsg_compat_nxthdr(struct msghdr *msg, |
133 |
static inline struct compat_cmsghdr __user *cmsg_compat_nxthdr(struct msghdr *msg, |
| 128 |
struct compat_cmsghdr __user *cmsg, int cmsg_len) |
134 |
struct compat_cmsghdr __user *cmsg, int cmsg_len) |
| 129 |
{ |
135 |
{ |
|
Lines 154-164
Link Here
|
| 154 |
return -EFAULT; |
160 |
return -EFAULT; |
| 155 |
|
161 |
|
| 156 |
/* Catch bogons. */ |
162 |
/* Catch bogons. */ |
| 157 |
if(CMSG_COMPAT_ALIGN(ucmlen) < |
163 |
if (!CMSG_COMPAT_OK(ucmlen, ucmsg, kmsg)) |
| 158 |
CMSG_COMPAT_ALIGN(sizeof(struct compat_cmsghdr))) |
|
|
| 159 |
return -EINVAL; |
| 160 |
if((unsigned long)(((char __user *)ucmsg - (char __user *)kmsg->msg_control) |
| 161 |
+ ucmlen) > kmsg->msg_controllen) |
| 162 |
return -EINVAL; |
164 |
return -EINVAL; |
| 163 |
|
165 |
|
| 164 |
tmp = ((ucmlen - CMSG_COMPAT_ALIGN(sizeof(*ucmsg))) + |
166 |
tmp = ((ucmlen - CMSG_COMPAT_ALIGN(sizeof(*ucmsg))) + |