|
@@ -2098,12 +2098,17 @@ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
|
|
|
unsigned long a[6];
|
|
unsigned long a[6];
|
|
|
unsigned long a0, a1;
|
|
unsigned long a0, a1;
|
|
|
int err;
|
|
int err;
|
|
|
|
|
+ unsigned int len;
|
|
|
|
|
|
|
|
if (call < 1 || call > SYS_ACCEPT4)
|
|
if (call < 1 || call > SYS_ACCEPT4)
|
|
|
return -EINVAL;
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
+ len = nargs[call];
|
|
|
|
|
+ if (len > sizeof(a))
|
|
|
|
|
+ return -EINVAL;
|
|
|
|
|
+
|
|
|
/* copy_from_user should be SMP safe. */
|
|
/* copy_from_user should be SMP safe. */
|
|
|
- if (copy_from_user(a, args, nargs[call]))
|
|
|
|
|
|
|
+ if (copy_from_user(a, args, len))
|
|
|
return -EFAULT;
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
audit_socketcall(nargs[call] / sizeof(unsigned long), a);
|
|
audit_socketcall(nargs[call] / sizeof(unsigned long), a);
|
Arjan van de Ven