Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes...

[linux-2.6-omap-h63xx.git] / net / sctp / auth.c

diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 8bb79f281774b690aec0f42973889de07e7d7fcd..52db5f60daa03ef6f23f9c647129b7dda39e97a8 100644 (file)
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -80,6 +80,10 @@ static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp)
 {
        struct sctp_auth_bytes *key;
 
+       /* Verify that we are not going to overflow INT_MAX */
+       if ((INT_MAX - key_len) < sizeof(struct sctp_auth_bytes))
+               return NULL;
+
        /* Allocate the shared key */
        key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp);
        if (!key)
@@ -782,6 +786,9 @@ int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
        for (i = 0; i < hmacs->shmac_num_idents; i++) {
                id = hmacs->shmac_idents[i];
 
+               if (id > SCTP_AUTH_HMAC_ID_MAX)
+                       return -EOPNOTSUPP;
+
                if (SCTP_AUTH_HMAC_ID_SHA1 == id)
                        has_sha1 = 1;
 
@@ -838,11 +845,11 @@ int sctp_auth_set_key(struct sctp_endpoint *ep,
        }
 
        /* Create a new key data based on the info passed in */
-       key = sctp_auth_create_key(auth_key->sca_keylen, GFP_KERNEL);
+       key = sctp_auth_create_key(auth_key->sca_keylength, GFP_KERNEL);
        if (!key)
                goto nomem;
 
-       memcpy(key->data, &auth_key->sca_key[0], auth_key->sca_keylen);
+       memcpy(key->data, &auth_key->sca_key[0], auth_key->sca_keylength);
 
        /* If we are replacing, remove the old keys data from the
         * key id.  If we are adding new key id, add it to the