Hi!
From: Christoph Hellwig hch@lst.de
commit 3087a6f36ee028ec095c04a8531d7d33899b7fed upstream.
This code used to copy in an unsigned long worth of data before the sockptr_t conversion, so restore that.
Maybe, but then the size checks need to be updated, too.
Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Christoph Hellwig hch@lst.de Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
net/netrom/af_netrom.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c @@ -306,7 +306,7 @@ static int nr_setsockopt(struct socket * if (optlen < sizeof(unsigned int))
This should be < sizeof(unsigned long)) ... AFAICT.
return -EINVAL;
- if (copy_from_sockptr(&opt, optval, sizeof(unsigned int)))
- if (copy_from_sockptr(&opt, optval, sizeof(unsigned long))) return -EFAULT;
Best regards, Pavel