dccp: change L/R must have at least one byte in the dccpsf_val field Thanks to Eugene Teo for reporting this problem. Signed-off-by: Eugene Teo <eugenete@kernel.sg> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 3e8a0a559c66ee9e7468195691a56fefc3589740 [log] [tgz]
author: Arnaldo Carvalho de Melo <acme@redhat.com> Wed Aug 13 13:48:39 2008 -0700
committer: David S. Miller <davem@davemloft.net> Wed Aug 13 13:48:39 2008 -0700
tree: cc54fecf644c138c38dd29b960c7dc42cbe6b558
parent: c1e24df27fb1058739789126db6ad1b1ef719346 [diff] [blame]
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index b622d974..1ca3b26 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c

@@ -474,6 +474,11 @@
 
 	if (copy_from_user(&opt, optval, sizeof(opt)))
 		return -EFAULT;
+	/*
+	 * rfc4340: 6.1. Change Options
+	 */
+	if (opt.dccpsf_len < 1)
+		return -EINVAL;
 
 	val = kmalloc(opt.dccpsf_len, GFP_KERNEL);
 	if (!val)
commit	3e8a0a559c66ee9e7468195691a56fefc3589740	[log] [tgz]
author	Arnaldo Carvalho de Melo <acme@redhat.com>	Wed Aug 13 13:48:39 2008 -0700
committer	David S. Miller <davem@davemloft.net>	Wed Aug 13 13:48:39 2008 -0700
tree	cc54fecf644c138c38dd29b960c7dc42cbe6b558
parent	c1e24df27fb1058739789126db6ad1b1ef719346 [diff] [blame]