diff options
author | Xin Long <lucien.xin@gmail.com> | 2019-07-30 14:38:20 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-07-30 23:18:14 +0200 |
commit | f40f1177c38cb642b65af9f077bc56241e2b41c2 (patch) | |
tree | 1fc1e6723a62d40201a928691749e89b15966a8e /net/sctp | |
parent | sctp: only copy the available addr data in sctp_transport_init (diff) | |
download | linux-f40f1177c38cb642b65af9f077bc56241e2b41c2.tar.xz linux-f40f1177c38cb642b65af9f077bc56241e2b41c2.zip |
sctp: check addr_size with sa_family_t size in __sctp_setsockopt_connectx
Now __sctp_connect() is called by __sctp_setsockopt_connectx() and
sctp_inet_connect(), the latter has done addr_size check with size
of sa_family_t.
In the next patch to clean up __sctp_connect(), we will remove
addr_size check with size of sa_family_t from __sctp_connect()
for the 1st address.
So before doing that, __sctp_setsockopt_connectx() should do
this check first, as sctp_inet_connect() does.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp')
-rw-r--r-- | net/sctp/socket.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c index aa80cda36581..e9c5b3930ae6 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1311,7 +1311,8 @@ static int __sctp_setsockopt_connectx(struct sock *sk, pr_debug("%s: sk:%p addrs:%p addrs_size:%d\n", __func__, sk, addrs, addrs_size); - if (unlikely(addrs_size <= 0)) + /* make sure the 1st addr's sa_family is accessible later */ + if (unlikely(addrs_size < sizeof(sa_family_t))) return -EINVAL; kaddrs = memdup_user(addrs, addrs_size); |