Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

TLS: Fix length check in do_tls_getsockopt_tx()

copy_to_user() copies the struct the pointer is pointing to, but the
length check compares against sizeof(pointer) and not sizeof(struct).
On 32-bit the size is probably the same, so it might have worked
accidentally.

Signed-off-by: Matthias Rosenfelder <mrosenfelder.lkml@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Matthias Rosenfelder 8 years ago
parent
e8f37d57df
commit
5a3b886c3c
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      net/tls/tls_main.c

+ 1 - 1
net/tls/tls_main.c
View File 

@@ -272,7 +272,7 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval,
 
 		goto out;
 
 	}
 
 
-	if (len == sizeof(crypto_info)) {
 
+	if (len == sizeof(*crypto_info)) {
 
 		if (copy_to_user(optval, crypto_info, sizeof(*crypto_info)))
 
 			rc = -EFAULT;
 
 		goto out;