summaryrefslogtreecommitdiff
path: root/net/tls
diff options
context:
space:
mode:
authorMatthias Rosenfelder <mrosenfelder.lkml@gmail.com>2017-07-06 07:56:36 +0300
committerDavid S. Miller <davem@davemloft.net>2017-07-06 12:58:19 +0300
commit5a3b886c3cc5de1b9ec618bf27e1b31c6624f3ca (patch)
tree44ee8905a9dda4c6c90f2b3527ea1ef5181f3bb4 /net/tls
parente8f37d57dff20a455abb36942e326073dd47738d (diff)
downloadlinux-5a3b886c3cc5de1b9ec618bf27e1b31c6624f3ca.tar.xz
TLS: Fix length check in do_tls_getsockopt_tx()
copy_to_user() copies the struct the pointer is pointing to, but the length check compares against sizeof(pointer) and not sizeof(struct). On 32-bit the size is probably the same, so it might have worked accidentally. Signed-off-by: Matthias Rosenfelder <mrosenfelder.lkml@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tls')
-rw-r--r--net/tls/tls_main.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index a03130a47b85..60aff60e30ad 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -272,7 +272,7 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval,
goto out;
}
- if (len == sizeof(crypto_info)) {
+ if (len == sizeof(*crypto_info)) {
if (copy_to_user(optval, crypto_info, sizeof(*crypto_info)))
rc = -EFAULT;
goto out;