git projects / ziggy471-frankenstein-kernel.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree | latest snapshot
plain | history

Updated to 2.6.32.27
/net/core/iovec.c
blob:16ad45d4882b56a2c531a0a944bc31c690ff5a4b -> blob:f911e665a7dbb2eb43981603439381782d98df8c
--- net/core/iovec.c
+++ net/core/iovec.c
@@ -38,7 +38,7 @@
int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode)
{
- int size, err, ct;
+ int size, ct, err;
if (m->msg_namelen) {
if (mode == VERIFY_READ) {
@@ -60,14 +60,13 @@ int verify_iovec(struct msghdr *m, struc
err = 0;
for (ct = 0; ct < m->msg_iovlen; ct++) {
- err += iov[ct].iov_len;
- /*
- * Goal is not to verify user data, but to prevent returning
- * negative value, which is interpreted as errno.
- * Overflow is still possible, but it is harmless.
- */
- if (err < 0)
- return -EMSGSIZE;
+ size_t len = iov[ct].iov_len;
+
+ if (len > INT_MAX - err) {
+ len = INT_MAX - err;
+ iov[ct].iov_len = len;
+ }
+ err += len;
}
return err;
Frankenstine (BRAVO/EVO/INC) kernel source