net/sctp/socket.c · 96dc683b1e342144af1fbd2187f0ab04dad497c2 · Upstream / linux-stable

sctp: Make sure N * sizeof(union sctp_addr) does not overflow. · bd3aae04

David S. Miller authored Jun 20, 2008

commit 735ce972

 upstream

As noticed by Gabriel Campana, the kmalloc() length arg
passed in by sctp_getsockopt_local_addrs_old() can overflow
if ->addr_num is large enough.

Therefore, enforce an appropriate limit.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

bd3aae04

socket.c 184 KB

Replace socket.c