From: Christoph Hellwig Date: Sun, 19 Jul 2020 07:22:04 +0000 (+0200) Subject: sctp: pass a kernel pointer to sctp_setsockopt_auth_key X-Git-Tag: v5.9-rc1~133^2~202^2~24 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=534d13d07e771d090d61cd98f96b2cbf29765cef;p=thirdparty%2Flinux.git sctp: pass a kernel pointer to sctp_setsockopt_auth_key Use the kernel pointer that sctp_setsockopt has available instead of directly handling the user pointer. Adapt sctp_setsockopt to use a kzfree for this case. Signed-off-by: Christoph Hellwig Signed-off-by: David S. Miller --- diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 365145746b559..b4dcccba5787e 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -3594,11 +3594,10 @@ static int sctp_setsockopt_hmac_ident(struct sock *sk, * association shared key. */ static int sctp_setsockopt_auth_key(struct sock *sk, - char __user *optval, + struct sctp_authkey *authkey, unsigned int optlen) { struct sctp_endpoint *ep = sctp_sk(sk)->ep; - struct sctp_authkey *authkey; struct sctp_association *asoc; int ret = -EINVAL; @@ -3609,10 +3608,6 @@ static int sctp_setsockopt_auth_key(struct sock *sk, */ optlen = min_t(unsigned int, optlen, USHRT_MAX + sizeof(*authkey)); - authkey = memdup_user(optval, optlen); - if (IS_ERR(authkey)) - return PTR_ERR(authkey); - if (authkey->sca_keylength > optlen - sizeof(*authkey)) goto out; @@ -3650,7 +3645,6 @@ static int sctp_setsockopt_auth_key(struct sock *sk, out: memzero_explicit(authkey, optlen); - kfree(authkey); return ret; } @@ -4692,7 +4686,7 @@ static int sctp_setsockopt(struct sock *sk, int level, int optname, retval = sctp_setsockopt_hmac_ident(sk, kopt, optlen); break; case SCTP_AUTH_KEY: - retval = sctp_setsockopt_auth_key(sk, optval, optlen); + retval = sctp_setsockopt_auth_key(sk, kopt, optlen); break; case SCTP_AUTH_ACTIVE_KEY: retval = sctp_setsockopt_active_key(sk, optval, optlen);