* Sridhar Samudrala ([EMAIL PROTECTED]) wrote: > -int verify_iovec(struct msghdr *m, struct iovec *iov, char *address, int > mode) > +ssize_t verify_iovec(struct msghdr *m, struct iovec *iov, char *address, int > mode) > { > int size, err, ct; > + ssize_t tot_len = 0; > > if (m->msg_namelen) { > if (mode == VERIFY_READ) { > @@ -61,17 +62,22 @@ int verify_iovec(struct msghdr *m, struc > err = 0; > > for (ct = 0; ct < m->msg_iovlen; ct++) { > - err += iov[ct].iov_len; > + ssize_t len; > + > /* > - * Goal is not to verify user data, but to prevent returning > - * negative value, which is interpreted as errno. > - * Overflow is still possible, but it is harmless. > + * Goal is not to verify user data, but to prevent the cases > + * where an iov_len value or the sum of all iov_len values > + * overflows ssize_t. > */ > - if (err < 0) > - return -EMSGSIZE; > + len = (ssize_t)iov[ct].iov_len; > + if (len < 0) > + return -EINVAL; > + tot_len += len; > + if (tot_len < 0)
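Review bot: `tot_len += len;` followed by `if (tot_len < 0)` in the loop tests for the overflow only after the addition has been evaluated, and `tot_len` is a signed `ssize_t`, so the check relies on wraparound that C does not define and that a compiler may optimize away. Compare `len` against the remaining headroom (largest `ssize_t` value minus `tot_len`) before adding, or keep the running total in an unsigned type and check it against the `ssize_t` maximum. The new `if (len < 0)` branch also returns `-EINVAL` where the removed check returned `-EMSGSIZE`; that is visible to user space and should be mentioned in the changelog.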
I specifically used size_t here, because signed integer overflow is not defined in C.

thanks,
-chris
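The point made in the reply above, as an added example that is not part of the original thread or the kernel source: a userspace helper (hypothetical name `iov_total_len`) that accumulates `iov_len` on `size_t` and tests each bound before adding. Returning `-EMSGSIZE` for an oversized sum is an assumption of this example, since the quoted hunk is cut off before that return.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/uio.h>

#ifndef SSIZE_MAX               /* fallback if <limits.h> hides it */
#define SSIZE_MAX ((ssize_t)(((size_t)-1) >> 1))
#endif

/*
 * Hypothetical userspace helper, not the kernel's verify_iovec().
 * Sums iov_len on size_t and tests each bound before adding, so no
 * signed overflow is ever evaluated. -EMSGSIZE for the sum is this
 * example's assumption; the quoted hunk ends before its return.
 */
static ssize_t iov_total_len(const struct iovec *iov, int iovlen)
{
    size_t tot_len = 0;
    int ct;

    for (ct = 0; ct < iovlen; ct++) {
        size_t len = iov[ct].iov_len;
        /* One length that would be negative when cast to ssize_t. */
        if (len > (size_t)SSIZE_MAX)
            return -EINVAL;
        /* tot_len <= SSIZE_MAX here, so the subtraction cannot wrap. */
        if (len > (size_t)SSIZE_MAX - tot_len)
            return -EMSGSIZE;
        tot_len += len;
    }
    return (ssize_t)tot_len;
}

/* Constructed two-entry vector; iov_base is never dereferenced. */
static ssize_t demo(size_t a, size_t b)
{
    struct iovec iov[2] = { { .iov_len = a }, { .iov_len = b } };
    return iov_total_len(iov, 2);
}

int main(void)
{
    printf("%zd\n", demo(100, 28));                  /* fits */
    printf("%zd\n", demo((size_t)SSIZE_MAX + 1, 0)); /* one entry too big */
    printf("%zd\n", demo((size_t)SSIZE_MAX, 1));     /* sum too big */
    return 0;
}
```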