summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSasha Levin <levinsasha928@gmail.com>2012-07-02 01:29:55 +0000
committerDavid S. Miller <davem@davemloft.net>2012-07-08 23:49:30 -0700
commit3da947b2693993d5f6138f005d2625e9387c9618 (patch)
treeaf7f831e5570f8081bd6d973a3aef7195f8a8967
parent9e85a6f9dc231f3ed3c1dc1b12217505d970142a (diff)
downloadlinux-stable-3da947b2693993d5f6138f005d2625e9387c9618.tar.gz
linux-stable-3da947b2693993d5f6138f005d2625e9387c9618.tar.bz2
linux-stable-3da947b2693993d5f6138f005d2625e9387c9618.zip
ieee802154: verify packet size before trying to allocate it
Currently when sending data over datagram, the send function will attempt to allocate any size passed on from the userspace. We should make sure that this size is checked and limited. We'll limit it to the MTU of the device, which is checked later anyway. Signed-off-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ieee802154/dgram.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/net/ieee802154/dgram.c b/net/ieee802154/dgram.c
index 6fbb2ad7bb6d..16705611589a 100644
--- a/net/ieee802154/dgram.c
+++ b/net/ieee802154/dgram.c
@@ -230,6 +230,12 @@ static int dgram_sendmsg(struct kiocb *iocb, struct sock *sk,
mtu = dev->mtu;
pr_debug("name = %s, mtu = %u\n", dev->name, mtu);
+ if (size > mtu) {
+ pr_debug("size = %Zu, mtu = %u\n", size, mtu);
+ err = -EINVAL;
+ goto out_dev;
+ }
+
hlen = LL_RESERVED_SPACE(dev);
tlen = dev->needed_tailroom;
skb = sock_alloc_send_skb(sk, hlen + tlen + size,
@@ -258,12 +264,6 @@ static int dgram_sendmsg(struct kiocb *iocb, struct sock *sk,
if (err < 0)
goto out_skb;
- if (size > mtu) {
- pr_debug("size = %Zu, mtu = %u\n", size, mtu);
- err = -EINVAL;
- goto out_skb;
- }
-
skb->dev = dev;
skb->sk = sk;
skb->protocol = htons(ETH_P_IEEE802154);