From 03ba4131783cc9e872f8bb26a03f15bc11f27564 Mon Sep 17 00:00:00 2001
From: Ralf Baechle <ralf@linux-mips.org>
Date: Sat, 19 Sep 1998 19:15:08 +0000
Subject:  - Merge with Linux 2.1.121.  - Bugfixes.

---
 net/core/scm.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'net/core/scm.c')

diff --git a/net/core/scm.c b/net/core/scm.c
index 3e4469f29..e16c4a45f 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -138,11 +138,15 @@ int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
 
 	for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg))
 	{
+		err = -EINVAL;
+
+		if ((unsigned long)(((char*)cmsg - (char*)msg->msg_control)
+				    + cmsg->cmsg_len) > msg->msg_controllen)
+			goto error;
+
 		if (cmsg->cmsg_level != SOL_SOCKET)
 			continue;
 
-		err = -EINVAL;
-
 		switch (cmsg->cmsg_type)
 		{
 		case SCM_RIGHTS:
-- 
cgit v1.2.3