TLS: Fix length check in do_tls_getsockopt_tx()
authorMatthias Rosenfelder <mrosenfelder.lkml@gmail.com>
Thu, 6 Jul 2017 04:56:36 +0000 (00:56 -0400)
committerDavid S. Miller <davem@davemloft.net>
Thu, 6 Jul 2017 09:58:19 +0000 (10:58 +0100)
copy_to_user() copies the struct the pointer is pointing to, but the
length check compares against sizeof(pointer) and not sizeof(struct).
On 32-bit the size is probably the same, so it might have worked
accidentally.

Signed-off-by: Matthias Rosenfelder <mrosenfelder.lkml@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/tls/tls_main.c

index a03130a47b852cff3fddf174d9cf8ce921e3fe86..60aff60e30ad41380b58fd83b1b79ae5a876513e 100644 (file)
@@ -272,7 +272,7 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval,
                goto out;
        }
 
-       if (len == sizeof(crypto_info)) {
+       if (len == sizeof(*crypto_info)) {
                if (copy_to_user(optval, crypto_info, sizeof(*crypto_info)))
                        rc = -EFAULT;
                goto out;