forked from Minki/linux
ipc: fix potential oops when src msg > 4k w/ MSG_COPY
If the src msg is > 4k, then dest->next points to the next allocated segment; resetting it just prior to dereferencing is bad. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Acked-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
47b3bc9073
commit
e1082f45f1
@ -117,9 +117,6 @@ struct msg_msg *copy_msg(struct msg_msg *src, struct msg_msg *dst)
|
||||
if (alen > DATALEN_MSG)
|
||||
alen = DATALEN_MSG;
|
||||
|
||||
dst->next = NULL;
|
||||
dst->security = NULL;
|
||||
|
||||
memcpy(dst + 1, src + 1, alen);
|
||||
|
||||
len -= alen;
|
||||
|
Loading…
Reference in New Issue
Block a user