diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index ec4fe3d4b5c9c17d53d7464b42b82a564ae48e54..ecc4b4a2413e337c059a3468f584575497b8457b 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -934,14 +934,9 @@ static int do_ip_setsockopt(struct sock *sk, int level, err = -ENOBUFS; break; } - msf = kmalloc(optlen, GFP_KERNEL); - if (!msf) { - err = -ENOBUFS; - break; - } - err = -EFAULT; - if (copy_from_user(msf, optval, optlen)) { - kfree(msf); + msf = memdup_user(optval, optlen); + if (IS_ERR(msf)) { + err = PTR_ERR(msf); break; } /* numsrc >= (1G-4) overflow in 32 bits */ @@ -1090,14 +1085,11 @@ static int do_ip_setsockopt(struct sock *sk, int level, err = -ENOBUFS; break; } - gsf = kmalloc(optlen, GFP_KERNEL); - if (!gsf) { - err = -ENOBUFS; + gsf = memdup_user(optval, optlen); + if (IS_ERR(gsf)) { + err = PTR_ERR(gsf); break; } - err = -EFAULT; - if (copy_from_user(gsf, optval, optlen)) - goto mc_msf_out; /* numsrc >= (4G-140)/128 overflow in 32 bits */ if (gsf->gf_numsrc >= 0x1ffffff ||