From: Neil Horman Date: Mon, 18 Jun 2007 23:59:16 +0000 (-0400) Subject: SCTP: Fix sctp_getsockopt_get_peer_addrs X-Git-Tag: v2.6.22-rc7~12^2~2^2~1 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=186e234358ba29a4094d0c8c0d3ea00f84d32a3e;p=linux-2.6-omap-h63xx.git SCTP: Fix sctp_getsockopt_get_peer_addrs This is the split out of the patch that we agreed I should split out from my last patch. It changes space_left to be computed in the same way the to variable is. I know we talked about changing space_left to an int, but I think size_t is more appropriate, since we should never have negative space in our buffer, and computing using offsetof means space_left should now never drop below zero. Signed-off-by: Neil Horman Acked-by: Sridhar Samudrala Signed-off-by: Vlad Yasevich --- diff --git a/net/sctp/socket.c b/net/sctp/socket.c index c1f239ac12b..2fc036699d4 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4019,8 +4019,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, return -EINVAL; to = optval + offsetof(struct sctp_getaddrs,addrs); - space_left = len - sizeof(struct sctp_getaddrs) - - offsetof(struct sctp_getaddrs,addrs); + space_left = len - offsetof(struct sctp_getaddrs,addrs); list_for_each(pos, &asoc->peer.transport_addr_list) { from = list_entry(pos, struct sctp_transport, transports); @@ -4327,8 +4326,8 @@ static int sctp_getsockopt_local_addrs(struct sock *sk, int len, } to = optval + offsetof(struct sctp_getaddrs,addrs); - space_left = len - sizeof(struct sctp_getaddrs) - - offsetof(struct sctp_getaddrs,addrs); + space_left = len - offsetof(struct sctp_getaddrs,addrs); + addrs = kmalloc(space_left, GFP_KERNEL); if (!addrs) return -ENOMEM;
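Review bot: In the first hunk (sctp_getsockopt_peer_addrs), `space_left = len - offsetof(struct sctp_getaddrs,addrs);` is only safe when len is at least offsetof(struct sctp_getaddrs, addrs), and the condition behind the `return -EINVAL;` context line is not visible in this hunk. len is an int parameter and the commit message keeps space_left as size_t, so a smaller len would not go negative but wrap to a very large value, and space_left would no longer bound what the list_for_each loop that follows writes at `to`. Please confirm the check above rejects len < offsetof(struct sctp_getaddrs, addrs), or put that test directly next to the subtraction so the invariant is local to the computation. The commit message's "should now never drop below zero" would be more accurate if it stated this precondition.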
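Review bot: In the second hunk (sctp_getsockopt_local_addrs), space_left is derived from the caller-supplied len and passed straight to `kmalloc(space_left, GFP_KERNEL)`, with no lower or upper bound on len visible in the surrounding context. If len is smaller than offsetof(struct sctp_getaddrs, addrs), the size_t result wraps and the caller gets -ENOMEM from an oversized allocation request rather than -EINVAL; a large len also lets the caller choose the size of a kernel allocation, and dropping the sizeof(struct sctp_getaddrs) term makes that allocation larger than before. Suggest checking len against offsetof(struct sctp_getaddrs, addrs) before the subtraction and capping the allocation size. The subject line names only the peer-address getter, so the commit message should also say that sctp_getsockopt_local_addrs is changed.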