VMCI: Check userland-provided datagram size

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Ensure that the size filled in by userland in the datagram header
matches the size of the buffer passed down in the IOCTL. Note that we
account for the size of the header itself in the check.

Acked-by: Jorgen Hansen <jhansen@vmware.com>
Acked-by: Aditya Sarwade <asarwade@vmware.com>
Signed-off-by: Andy King <acking@vmware.com>
Reported-by: David Ramos <daramos@stanford.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Andy King and committed by

Greg Kroah-Hartman 11 years ago 74b5c297 bf136121

+7 -1

2 changed files

expand all

drivers

misc

vmw_vmci

vmci_driver.c

vmci_host.c

+1 -1

drivers/misc/vmw_vmci/vmci_driver.c

··· 113 113 114 114 MODULE_AUTHOR("VMware, Inc."); 115 115 MODULE_DESCRIPTION("VMware Virtual Machine Communication Interface."); 116 - MODULE_VERSION("1.1.1.0-k"); 116 + MODULE_VERSION("1.1.2.0-k"); 117 117 MODULE_LICENSE("GPL v2");

drivers/misc/vmw_vmci/vmci_host.c

··· 395 395 return -EFAULT; 396 396 } 397 397 398 + if (VMCI_DG_SIZE(dg) != send_info.len) { 399 + vmci_ioctl_err("datagram size mismatch\n"); 400 + kfree(dg); 401 + return -EINVAL; 402 + } 403 + 398 404 pr_devel("Datagram dst (handle=0x%x:0x%x) src (handle=0x%x:0x%x), payload (size=%llu bytes)\n", 399 405 dg->dst.context, dg->dst.resource, 400 406 dg->src.context, dg->src.resource,