From 04910265078f08a73208beab70ed2a3cce4a919f Mon Sep 17 00:00:00 2001 From: Tomasz Grobelny Date: Sat, 4 Dec 2010 13:39:13 +0100 Subject: dccp qpolicy: Parameter checking of cmsg qpolicy parameters Ensure that cmsg->cmsg_type value is valid for qpolicy that is currently in use. Signed-off-by: Tomasz Grobelny Signed-off-by: Gerrit Renker --- net/dccp/proto.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'net/dccp/proto.c') diff --git a/net/dccp/proto.c b/net/dccp/proto.c index d6a224982bb..152975d942d 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -726,6 +726,10 @@ static int dccp_msghdr_parse(struct msghdr *msg, struct sk_buff *skb) if (cmsg->cmsg_level != SOL_DCCP) continue; + if (cmsg->cmsg_type <= DCCP_SCM_QPOLICY_MAX && + !dccp_qpolicy_param_ok(skb->sk, cmsg->cmsg_type)) + return -EINVAL; + switch (cmsg->cmsg_type) { case DCCP_SCM_PRIORITY: if (cmsg->cmsg_len != CMSG_LEN(sizeof(__u32))) -- cgit v1.2.3-18-g5258