| From df5b6025d1a9e2e61dde1fd28257082751264c07 Mon Sep 17 00:00:00 2001 |
| From: Jean Delvare <jdelvare@suse.de> |
| Date: Wed, 22 Apr 2009 00:49:51 -0700 |
| Subject: net/netrom: Fix socket locking |
| |
| From: Jean Delvare <jdelvare@suse.de> |
| |
| upstream commit: cc29c70dd581f85ee7a3e7980fb031f90b90a2ab |
| |
| Patch "af_rose/x25: Sanity check the maximum user frame size" |
| (commit 83e0bbcbe2145f160fbaa109b0439dae7f4a38a9) from Alan Cox got |
| locking wrong. If we bail out due to user frame size being too large, |
| we must unlock the socket beforehand. |
| |
| Signed-off-by: Jean Delvare <jdelvare@suse.de> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| net/netrom/af_netrom.c | 6 ++++-- |
| 1 file changed, 4 insertions(+), 2 deletions(-) |
| |
| --- a/net/netrom/af_netrom.c |
| +++ b/net/netrom/af_netrom.c |
| @@ -1084,8 +1084,10 @@ static int nr_sendmsg(struct kiocb *iocb |
| |
| /* Build a packet - the conventional user limit is 236 bytes. We can |
| do ludicrously large NetROM frames but must not overflow */ |
| - if (len > 65536) |
| - return -EMSGSIZE; |
| + if (len > 65536) { |
| + err = -EMSGSIZE; |
| + goto out; |
| + } |
| |
| SOCK_DEBUG(sk, "NET/ROM: sendto: building packet.\n"); |
| size = len + NR_NETWORK_LEN + NR_TRANSPORT_LEN; |