Commit 32b25b63 authored by Peter Hurley's avatar Peter Hurley Committed by Greg Kroah-Hartman

ipc: fix potential oops when src msg > 4k w/ MSG_COPY

commit e1082f45 upstream.

If the src msg is > 4k, then dest->next points to the
next allocated segment; resetting it just prior to dereferencing
is bad.
Signed-off-by: default avatarPeter Hurley <peter@hurleysoftware.com>
Acked-by: default avatarStanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent aaf4a851
......@@ -117,9 +117,6 @@ struct msg_msg *copy_msg(struct msg_msg *src, struct msg_msg *dst)
if (alen > DATALEN_MSG)
alen = DATALEN_MSG;
dst->next = NULL;
dst->security = NULL;
memcpy(dst + 1, src + 1, alen);
len -= alen;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment