patch-1.3.99 linux/net/unix/af_unix.c

Next file: linux/scripts/Menuconfig
Previous file: linux/net/socket.c
Back to the patch index
Back to the overall index

Lines: 26
Date: Tue May 7 12:06:54 1996
Orig file: v1.3.98/linux/net/unix/af_unix.c
Orig date: Fri Apr 12 15:52:13 1996


diff -u --recursive --new-file v1.3.98/linux/net/unix/af_unix.c linux/net/unix/af_unix.c
@@ -27,6 +27,7 @@
  *		Marty Leisner	:	Fixes to fd passing
  *		Nick Nevin	:	recvmsg bugfix.
  *		Alan Cox	:	Started proper garbage collector
+ *		Heiko EiBfeldt	:	Missing verify_area check
  *
  * Known differences from reference BSD that was tested:
  *
@@ -352,7 +353,7 @@
 	if(skpair!=NULL)
 		skpair->protinfo.af_unix.locks--;	/* It may now die */
 	sk->protinfo.af_unix.other=NULL;		/* No pair */
-	unix_destroy_socket(sk);			/* Try and flush out this socket. Throw our buffers at least */
+	unix_destroy_socket(sk);			/* Try to flush out this socket. Throw out buffers at least */
 	
 	/*
 	 *	FIXME: BSD difference: In BSD all sockets connected to use get ECONNRESET and we die on the spot. In
@@ -1222,6 +1223,8 @@
 			if((skb=skb_peek(&sk->receive_queue))!=NULL)
 				amount=skb->len;
 			err=verify_area(VERIFY_WRITE,(void *)arg,sizeof(unsigned long));
+			if(err)
+				return err;
 			put_fs_long(amount,(unsigned long *)arg);
 			return 0;
 		}

FUNET's LINUX-ADM group, linux-adm@nic.funet.fi

TCL-scripts by Sam Shen, slshen@lbl.gov with Sam's (original) version

of this