summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHannes Frederic Sowa <hannes@stressinduktion.org>2012-12-15 16:42:19 +0100
committerDavid S. Miller <davem@davemloft.net>2012-12-18 05:50:51 +0100
commit4e4b53768f1ddce38b7f6edcad3a063020ef0024 (patch)
tree2b65ca48277f2600771a56640365ecadd0cbf5e4
parentnetlink: change presentation of portid in procfs to unsigned (diff)
downloadlinux-4e4b53768f1ddce38b7f6edcad3a063020ef0024.tar.xz
linux-4e4b53768f1ddce38b7f6edcad3a063020ef0024.zip
netlink: validate addr_len on bind
Otherwise an out of bounds read could happen. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/netlink/af_netlink.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 9ee52b6a12dd..c0353d55d56f 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -669,6 +669,9 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
int err;
+ if (addr_len < sizeof(struct sockaddr_nl))
+ return -EINVAL;
+
if (nladdr->nl_family != AF_NETLINK)
return -EINVAL;