Re: [PATCH]: Fix off-by-one in max protocol-type check

[Patrick McHardy <kaber@xxxxxxxxx>]

Patrick McHardy wrote:
> This patch fixes an off-by-one in inet_register_protosw and
> inet6_register_protosw. inetsw is an array of size SOCK_MAX,
> the check allows access to index SOCK_MAX. Patch applies
> to 2.4 and 2.6.

Forgot the patch, sorry ;)


> Regards
> Patrick

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/05/28 12:24:03+02:00 kaber@xxxxxxxxx 
#   [IPV4,6]: Fix off-by-one in max protocol-type check
# 
# net/ipv6/af_inet6.c
#   2004/05/28 12:23:56+02:00 kaber@xxxxxxxxx +1 -1
#   [IPV4,6]: Fix off-by-one in max protocol-type check
# 
# net/ipv4/af_inet.c
#   2004/05/28 12:23:56+02:00 kaber@xxxxxxxxx +1 -1
#   [IPV4,6]: Fix off-by-one in max protocol-type check
# 
diff -Nru a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
--- a/net/ipv4/af_inet.c        2004-05-28 12:35:06 +02:00
+++ b/net/ipv4/af_inet.c        2004-05-28 12:35:06 +02:00
@@ -978,7 +978,7 @@
 
        spin_lock_bh(&inetsw_lock);
 
-       if (p->type > SOCK_MAX)
+       if (p->type >= SOCK_MAX)
                goto out_illegal;
 
        /* If we are trying to override a permanent protocol, bail. */
diff -Nru a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
--- a/net/ipv6/af_inet6.c       2004-05-28 12:35:06 +02:00
+++ b/net/ipv6/af_inet6.c       2004-05-28 12:35:06 +02:00
@@ -572,7 +572,7 @@
 
        spin_lock_bh(&inetsw6_lock);
 
-       if (p->type > SOCK_MAX)
+       if (p->type >= SOCK_MAX)
                goto out_illegal;
 
        /* If we are trying to override a permanent protocol, bail. */