diff options
author | Dan Rosenberg <drosenberg@vsecurity.com> | 2011-01-10 16:00:54 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-01-10 16:00:54 -0800 |
commit | 91b5c98c2e062f982423686c77b8bf31f37fa196 (patch) | |
tree | 02faff8ec23c12bf139ae6adf501e77417346250 | |
parent | 80ce3f67e75ffa14ad99b26457a7e9558b8b001a (diff) |
caif: don't set connection request param size before copying data
The size field should not be set until after the data is successfully
copied in.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/caif/caif_socket.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c index 1bf0cf503796..8184c031d028 100644 --- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c @@ -740,12 +740,12 @@ static int setsockopt(struct socket *sock, if (cf_sk->sk.sk_protocol != CAIFPROTO_UTIL) return -ENOPROTOOPT; lock_sock(&(cf_sk->sk)); - cf_sk->conn_req.param.size = ol; if (ol > sizeof(cf_sk->conn_req.param.data) || copy_from_user(&cf_sk->conn_req.param.data, ov, ol)) { release_sock(&cf_sk->sk); return -EINVAL; } + cf_sk->conn_req.param.size = ol; release_sock(&cf_sk->sk); return 0; |