• David S. Miller's avatar
    net: Limit socket I/O iovec total length to INT_MAX. · 8acfe468
    David S. Miller authored
    This helps protect us from overflow issues down in the
    individual protocol sendmsg/recvmsg handlers.  Once
    we hit INT_MAX we truncate out the rest of the iovec
    by setting the iov_len members to zero.
    
    This works because:
    
    1) For SOCK_STREAM and SOCK_SEQPACKET sockets, partial
       writes are allowed and the application will just continue
       with another write to send the rest of the data.
    
    2) For datagram oriented sockets, where there must be a
       one-to-one correspondance between write() calls and
       packets on the wire, INT_MAX is going to be far larger
       than the packet size limit the protocol is going to
       check for and signal with -EMSGSIZE.
    
    Based upon a patch by Linus Torvalds.
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    8acfe468
iovec.c 5.62 KB