tcp: Fix >4GB writes on 64-bit.

Fixes kernel bugzilla #16603 tcp_sendmsg() truncates iov_len to an 'int' which a 4GB write to write zero bytes, for example. There is also the problem higher up of how verify_iovec() works. It wants to prevent the total length from looking like an error return value. However it does this using 'int', but syscalls return 'long' (and thus signed 64-bit on 64-bit machines). So it could trigger false-positives on 64-bit as written. So fix it to use 'long'. Reported-by: Olaf Bonorden <bono@onlinehome.de> Reported-by: Daniel Büse <dbuese@gmx.de> Reported-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2010-09-28 03:24:54 (GMT)
committer: David S. Miller <davem@davemloft.net> 2010-09-28 03:24:54 (GMT)
commit: 01db403cf99f739f86903314a489fb420e0e254f (patch)
tree: bf04fbfb3ed88d6cf7abeea1ab5209be36907882 /net/core
parent: 0b20406cda621c2495d10baab1e87127ceb43337 (diff)
download: linux-01db403cf99f739f86903314a489fb420e0e254f.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/net/core/iovec.c b/net/core/iovec.c
index 1cd98df..e6b133b 100644
--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -35,9 +35,10 @@
  *	in any case.
  */
 
-int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode)
+long verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr *address, int mode)
 {
-	int size, err, ct;
+	int size, ct;
+	long err;
 
 	if (m->msg_namelen) {
 		if (mode == VERIFY_READ) {
author	David S. Miller <davem@davemloft.net>	2010-09-28 03:24:54 (GMT)
committer	David S. Miller <davem@davemloft.net>	2010-09-28 03:24:54 (GMT)
commit	01db403cf99f739f86903314a489fb420e0e254f (patch)
tree	bf04fbfb3ed88d6cf7abeea1ab5209be36907882 /net/core
parent	0b20406cda621c2495d10baab1e87127ceb43337 (diff)
download	linux-01db403cf99f739f86903314a489fb420e0e254f.tar.xz