summaryrefslogtreecommitdiff
path: root/net/ipv6
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2009-02-06 00:49:55 -0800
committerGreg Kroah-Hartman <gregkh@suse.de>2009-02-17 09:46:20 -0800
commit0e2fb41395560a4520e41c4f13287ddfb83a9d61 (patch)
tree730d101b3e38d082088b36f3f30c3bcac2480c62 /net/ipv6
parent5d614e4b1d771f3d496f5d676d33473f519a865c (diff)
ipv6: Disallow rediculious flowlabel option sizes.
[ Upstream commit 684de409acff8b1fe8bf188d75ff2f99c624387d ] Just like PKTINFO, limit the options area to 64K. Based upon report by Eric Sesterhenn and analysis by Roland Dreier. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/ip6_flowlabel.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index 37a4e777e347..489a7fd1abce 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -323,17 +323,21 @@ static struct ip6_flowlabel *
fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
int optlen, int *err_p)
{
- struct ip6_flowlabel *fl;
+ struct ip6_flowlabel *fl = NULL;
int olen;
int addr_type;
int err;
+ olen = optlen - CMSG_ALIGN(sizeof(*freq));
+ err = -EINVAL;
+ if (olen > 64 * 1024)
+ goto done;
+
err = -ENOMEM;
fl = kzalloc(sizeof(*fl), GFP_KERNEL);
if (fl == NULL)
goto done;
- olen = optlen - CMSG_ALIGN(sizeof(*freq));
if (olen > 0) {
struct msghdr msg;
struct flowi flowi;