patch-2.4.26 linux-2.4.26/net/ipv6/ipv6_sockglue.c


diff -urN linux-2.4.25/net/ipv6/ipv6_sockglue.c linux-2.4.26/net/ipv6/ipv6_sockglue.c
@@ -452,10 +452,16 @@
 	}
 	case MCAST_MSFILTER:
 	{
+		extern int sysctl_optmem_max;
+		extern int sysctl_mld_max_msf;
 		struct group_filter *gsf;
 
 		if (optlen < GROUP_FILTER_SIZE(0))
 			goto e_inval;
+		if (optlen > sysctl_optmem_max) {
+			retv = -ENOBUFS;
+			break;
+		}
 		gsf = (struct group_filter *)kmalloc(optlen,GFP_KERNEL);
 		if (gsf == 0) {
 			retv = -ENOBUFS;
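Review bot: The two `extern int` declarations added at the top of the `MCAST_MSFILTER` block are block-scope declarations, so the compiler never checks them against the real definitions of `sysctl_optmem_max` and `sysctl_mld_max_msf`. That matters here because the declared type decides how the new bound `if (optlen > sysctl_optmem_max)` is evaluated; if either definition ever changed type, this guard on the `kmalloc(optlen, ...)` size would silently compare the wrong thing. I would move both declarations into a shared header that the defining files also include, and add a comment on the check such as `/* cap the user-supplied filter size before allocating */`. The case block continues past the end of this hunk.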
@@ -466,6 +472,18 @@
 			kfree(gsf);
 			break;
 		}
+		/* numsrc >= (4G-140)/128 overflow in 32 bits */
+		if (gsf->gf_numsrc >= 0x1ffffffU ||
+		    gsf->gf_numsrc > sysctl_mld_max_msf) {
+			kfree(gsf);
+			retv = -ENOBUFS;
+			break;
+		}
+		if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) {
+			kfree(gsf);
+			retv = -EINVAL;
+			break;
+		}
 		retv = ip6_mc_msfilter(sk, gsf);
 		kfree(gsf);
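Review bot: The overflow guard `gsf->gf_numsrc >= 0x1ffffffU` uses a hard-coded constant whose derivation the comment only hints at, and nothing says it has to stay ahead of the `GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen` check it protects. I would expand the comment to something like `/* reject gf_numsrc large enough that GROUP_FILTER_SIZE() wraps in 32 bits; must precede the size check below */`. Separately, `gsf->gf_numsrc > sysctl_mld_max_msf` compares against a value declared `int` in the first hunk. If `gf_numsrc` is unsigned (its declaration is not in view), a negative sysctl setting would convert to a large unsigned number and leave only the fixed cap in force, so the valid range of the sysctl should be documented or clamped. The enclosing case block starts and ends outside this hunk.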
 
