net: Fix use after free by removing length arg from sk_data_ready callbacks.

[linux.git] / net / netrom / af_netrom.c

diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 53c19a35fc6dccd2e29318f123b537401c005314..ede50d197e10dfaf3ec73670f40a82ae94c51111 100644 (file)
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1011,7 +1011,7 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev)
        skb_queue_head(&sk->sk_receive_queue, skb);
 
        if (!sock_flag(sk, SOCK_DEAD))
-               sk->sk_data_ready(sk, skb->len);
+               sk->sk_data_ready(sk);
 
        bh_unlock_sock(sk);
 
@@ -1028,7 +1028,7 @@ static int nr_sendmsg(struct kiocb *iocb, struct socket *sock,
 {
        struct sock *sk = sock->sk;
        struct nr_sock *nr = nr_sk(sk);
-       struct sockaddr_ax25 *usax = (struct sockaddr_ax25 *)msg->msg_name;
+       DECLARE_SOCKADDR(struct sockaddr_ax25 *, usax, msg->msg_name);
        int err;
        struct sockaddr_ax25 sax;
        struct sk_buff *skb;
@@ -1137,7 +1137,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
                      struct msghdr *msg, size_t size, int flags)
 {
        struct sock *sk = sock->sk;
-       struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name;
+       DECLARE_SOCKADDR(struct sockaddr_ax25 *, sax, msg->msg_name);
        size_t copied;
        struct sk_buff *skb;
        int er;