Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6503d961 authored by Changli Gao's avatar Changli Gao Committed by David S. Miller
Browse files

net: check the length of the socket address passed to connect(2) 



check the length of the socket address passed to connect(2).

Check the length of the socket address passed to connect(2). If the
length is invalid, -EINVAL will be returned.

Signed-off-by: default avatarChangli Gao <xiaosuo@gmail.com>
----
net/bluetooth/l2cap.c | 3 ++-
net/bluetooth/rfcomm/sock.c | 3 ++-
net/bluetooth/sco.c | 3 ++-
net/can/bcm.c | 3 +++
net/ieee802154/af_ieee802154.c | 3 +++
net/ipv4/af_inet.c | 5 +++++
net/netlink/af_netlink.c | 3 +++
7 files changed, 20 insertions(+), 3 deletions(-)
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a1d6f3f6

net/bluetooth/l2cap.c

+2 −1
Original line number Diff line number Diff line
@@ -1002,7 +1002,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al 


	BT_DBG("sk %p", sk);



	if (!addr || addr->sa_family != AF_BLUETOOTH)

	if (!addr || alen < sizeof(addr->sa_family) ||

	    addr->sa_family != AF_BLUETOOTH)

		return -EINVAL;



	memset(&la, 0, sizeof(la));

net/bluetooth/rfcomm/sock.c

+2 −1
Original line number Diff line number Diff line
@@ -397,7 +397,8 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a 


	BT_DBG("sk %p", sk);



	if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))

	if (alen < sizeof(struct sockaddr_rc) ||

	    addr->sa_family != AF_BLUETOOTH)

		return -EINVAL;



	lock_sock(sk);

net/bluetooth/sco.c

+2 −1
Original line number Diff line number Diff line
@@ -499,7 +499,8 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen 


	BT_DBG("sk %p", sk);



	if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_sco))

	if (alen < sizeof(struct sockaddr_sco) ||

	    addr->sa_family != AF_BLUETOOTH)

		return -EINVAL;



	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)

net/can/bcm.c

+3 −0
Original line number Diff line number Diff line
@@ -1478,6 +1478,9 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len, 
	struct sock *sk = sock->sk;

	struct bcm_sock *bo = bcm_sk(sk);



	if (len < sizeof(*addr))

		return -EINVAL;



	if (bo->bound)

		return -EISCONN;

net/ieee802154/af_ieee802154.c

+3 −0
Original line number Diff line number Diff line
@@ -126,6 +126,9 @@ static int ieee802154_sock_connect(struct socket *sock, struct sockaddr *uaddr, 
{

	struct sock *sk = sock->sk;



	if (addr_len < sizeof(uaddr->sa_family))

		return -EINVAL;



	if (uaddr->sa_family == AF_UNSPEC)

		return sk->sk_prot->disconnect(sk, flags);