Commit 5a3b886c authored by Matthias Rosenfelder's avatar Matthias Rosenfelder Committed by David S. Miller

TLS: Fix length check in do_tls_getsockopt_tx()

copy_to_user() copies the struct the pointer is pointing to, but the
length check compares against sizeof(pointer) and not sizeof(struct).
On 32-bit the size is probably the same, so it might have worked
accidentally.
Signed-off-by: default avatarMatthias Rosenfelder <mrosenfelder.lkml@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e8f37d57
...@@ -272,7 +272,7 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval, ...@@ -272,7 +272,7 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval,
goto out; goto out;
} }
if (len == sizeof(crypto_info)) { if (len == sizeof(*crypto_info)) {
if (copy_to_user(optval, crypto_info, sizeof(*crypto_info))) if (copy_to_user(optval, crypto_info, sizeof(*crypto_info)))
rc = -EFAULT; rc = -EFAULT;
goto out; goto out;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment