The problem is not on being bigger than what we want, but on being
smaller, as it causes read of invalid memory.
Note that the struct changes on commit 7e8616d8e773 didn't affect
sctp_setsockopt_events one but that's where this check was flipped.
Fixes: 7e8616d8e773 ("[SCTP]: Update AUTH structures to match
declarations in draft-16.")
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leit...@gmail.com>
---
net/sctp/socket.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index
1425ec2bbd5ae359a8e0408a89a6da6bb60bd87e..6c4f0dac2104d38ba6420ce6740224866a2ece82
100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -2195,7 +2195,7 @@ static int sctp_setsockopt_events(struct sock *sk, char
__user *optval,
struct sctp_association *asoc;
struct sctp_ulpevent *event;
- if (optlen > sizeof(struct sctp_event_subscribe))
+ if (optlen < sizeof(struct sctp_event_subscribe))
return -EINVAL;
if (copy_from_user(&sctp_sk(sk)->subscribe, optval, optlen))
return -EFAULT;
--
2.4.3
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
