ieee802154: verify packet size before trying to allocate it (3da947b2) · Commits · e / devices / android_kernel_teracube_2e

net/ieee802154/dgram.c

+6 −6

Original line number	Diff line number	Diff line
		@@ -230,6 +230,12 @@ static int dgram_sendmsg(struct kiocb iocb, struct sock sk,
		mtu = dev->mtu;
		pr_debug("name = %s, mtu = %u\n", dev->name, mtu);

		if (size > mtu) {
		pr_debug("size = %Zu, mtu = %u\n", size, mtu);
		err = -EINVAL;
		goto out_dev;
		}

		hlen = LL_RESERVED_SPACE(dev);
		tlen = dev->needed_tailroom;
		skb = sock_alloc_send_skb(sk, hlen + tlen + size,
		@@ -258,12 +264,6 @@ static int dgram_sendmsg(struct kiocb iocb, struct sock sk,
		if (err < 0)
		goto out_skb;

		if (size > mtu) {
		pr_debug("size = %Zu, mtu = %u\n", size, mtu);
		err = -EINVAL;
		goto out_skb;
		}

		skb->dev = dev;
		skb->sk = sk;
		skb->protocol = htons(ETH_P_IEEE802154);