Re: [PATCH v2] net: Check the argument for listen(2)
From: Eric Dumazet <hidden>
Date: 2013-06-28 16:33:15
On Sat, 2013-06-29 at 00:22 +0800, Changli Gao wrote:
quoted hunk ↗ jump to hunk
As we use u16 to save the value of the argument for listen(2), we'd better check if the value is larger than SINT_MAX other than cut it down silently on error. --- net/ipv4/af_inet.c | 3 +++ 1 file changed, 3 insertions(+)diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index b4d0be2..35aaf00 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c@@ -198,6 +198,9 @@ int inet_listen(struct socket *sock, int backlog) unsigned char old_state; int err; + if (backlog >= (1 << 16)) + return -EINVAL; + lock_sock(sk); err = -EINVAL;
Well, there is still this possible regression for old applications. Just use u32 fields instead of u16 ?