git://git.onelab.eu / linux-2.6.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b503c75)
- merge revision 1.3
authorMark Huang <mlhuang@cs.princeton.edu>
Thu, 27 Jan 2005 20:45:09 +0000 (20:45 +0000)
committerMark Huang <mlhuang@cs.princeton.edu>
Thu, 27 Jan 2005 20:45:09 +0000 (20:45 +0000)
date: 2005/01/19 22:42:27;  author: mef;  state: Exp;  lines: +1 -3
Fixes CAN-2004 security reports 1016, 1017, and 1068

net/core/scm.c patch | blob | history

diff --git a/net/core/scm.c b/net/core/scm.c
index 3699df3..a2ebf30 100644 (file)
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -127,9 +127,7 @@ int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
                   for too short ancillary data object at all! Oops.
                   OK, let's add it...
                 */
-               if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-                   (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-                                   + cmsg->cmsg_len) > msg->msg_controllen)
+               if (!CMSG_OK(msg, cmsg))
                        goto error;
 
                if (cmsg->cmsg_level != SOL_SOCKET)
linux-2.6