On Mon, Jan 26, 2009 at 9:33 PM, David Miller [off-list ref] wrote:

From: Jarek Poplawski <redacted>
Date: Mon, 26 Jan 2009 11:50:12 +0000

quoted

On 24-01-2009 23:49, Vegard Nossum wrote:

quoted

+static int sock_linger(struct sock *sk, char __user *optval, int optlen)

...

quoted

+static int sock_set_rcvtimeo(struct sock *sk, char __user *optval, int optlen)
+{
+   int ret;
+   long rcvtimeo;
+
+   ret = sock_set_timeout(&rcvtimeo, optval, optlen);

A check for error is needed here and below.

Right, you cannot continue and update the socket state if this
sock_set_timeout() call returns an error.

Argh, thanks both. What a stupid mistake. What is the point in fixing
something if the fix introduces a different kind of error? :-(

I will fix the patch and also check for other places (like that
attach_filter) that need to be fixed.


Vegard

-- 
"The animistic metaphor of the bug that maliciously sneaked in while
the programmer was not looking is intellectually dishonest as it
disguises that the error is the programmer's own creation."
	-- E. W. Dijkstra, EWD1036