dccp: allow probing of CCID-array length

[safe/jmp/linux-2.6] / net / dccp / ccid.c

diff --git a/net/dccp/ccid.c b/net/dccp/ccid.c
index ff16e9d..49d27c5 100644 (file)
--- a/net/dccp/ccid.c
+++ b/net/dccp/ccid.c
@@ -63,14 +63,13 @@ int ccid_getsockopt_builtin_ccids(struct sock *sk, int len,
        u8 *ccid_array, array_len;
        int err = 0;
 
-       if (len < ARRAY_SIZE(ccids))
-               return -EINVAL;
-
        if (ccid_get_builtin_ccids(&ccid_array, &array_len))
                return -ENOBUFS;
 
-       if (put_user(array_len, optlen) ||
-           copy_to_user(optval, ccid_array, array_len))
+       if (put_user(array_len, optlen))
+               err = -EFAULT;
+       else if (len > 0 && copy_to_user(optval, ccid_array,
+                                        len > array_len ? array_len : len))
                err = -EFAULT;
 
        kfree(ccid_array);