diff options
Diffstat (limited to 'net/sctp/socket.c')
| -rw-r--r-- | net/sctp/socket.c | 11 | 
1 files changed, 9 insertions, 2 deletions
| diff --git a/net/sctp/socket.c b/net/sctp/socket.c index bb5c9ef1304..5ffb9dec1c3 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3086,6 +3086,7 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk,  				    int optlen)  {  	struct sctp_hmacalgo *hmacs; +	u32 idents;  	int err;  	if (!sctp_auth_enable) @@ -3103,8 +3104,9 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk,  		goto out;  	} -	if (hmacs->shmac_num_idents == 0 || -	    hmacs->shmac_num_idents > SCTP_AUTH_NUM_HMACS) { +	idents = hmacs->shmac_num_idents; +	if (idents == 0 || idents > SCTP_AUTH_NUM_HMACS || +	    (idents * sizeof(u16)) > (optlen - sizeof(struct sctp_hmacalgo))) {  		err = -EINVAL;  		goto out;  	} @@ -3144,6 +3146,11 @@ static int sctp_setsockopt_auth_key(struct sock *sk,  		goto out;  	} +	if (authkey->sca_keylength > optlen - sizeof(struct sctp_authkey)) { +		ret = -EINVAL; +		goto out; +	} +  	asoc = sctp_id2assoc(sk, authkey->sca_assoc_id);  	if (!asoc && authkey->sca_assoc_id && sctp_style(sk, UDP)) {  		ret = -EINVAL; | 
