+4
−0
Loading
Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more
Verify that the caller-provided sockaddr structure is large enough to contain the sa_family field, before accessing it in the connect() handler of the AF_CAIF socket. Since the syscall doesn't enforce a minimum size of the corresponding memory region, very short sockaddrs (zero or one byte long) result in operating on uninitialized memory while referencing sa_family. Signed-off-by:Mateusz Jurczyk <mjurczyk@google.com> Signed-off-by:
David S. Miller <davem@davemloft.net>