diff options
author | Willem de Bruijn <willemb@google.com> | 2018-12-22 22:53:45 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-12-23 00:12:04 +0100 |
commit | 6b8d95f1795c42161dc0984b6863e95d6acf24ed (patch) | |
tree | 8288508ee59a916d28fe8786dcc93081eea3f1c9 /net/packet | |
parent | nfc: af_nfc: Fix Spectre v1 vulnerability (diff) | |
download | linux-6b8d95f1795c42161dc0984b6863e95d6acf24ed.tar.xz linux-6b8d95f1795c42161dc0984b6863e95d6acf24ed.zip |
packet: validate address length if non-zero
Validate packet socket address length if a length is given. Zero
length is equivalent to not setting an address.
Fixes: 99137b7888f4 ("packet: validate address length")
Reported-by: Ido Schimmel <idosch@idosch.org>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/packet')
-rw-r--r-- | net/packet/af_packet.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 5dda263b4a0a..eedacdebcd4c 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -2625,7 +2625,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) sll_addr))) goto out; proto = saddr->sll_protocol; - addr = saddr->sll_addr; + addr = saddr->sll_halen ? saddr->sll_addr : NULL; dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex); if (addr && dev && saddr->sll_halen < dev->addr_len) goto out; @@ -2825,7 +2825,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) if (msg->msg_namelen < (saddr->sll_halen + offsetof(struct sockaddr_ll, sll_addr))) goto out; proto = saddr->sll_protocol; - addr = saddr->sll_addr; + addr = saddr->sll_halen ? saddr->sll_addr : NULL; dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex); if (addr && dev && saddr->sll_halen < dev->addr_len) goto out; |