summaryrefslogtreecommitdiffstats
path: root/net/sctp
diff options
context:
space:
mode:
authorXin Long <lucien.xin@gmail.com>2019-07-30 14:38:20 +0200
committerDavid S. Miller <davem@davemloft.net>2019-07-30 23:18:14 +0200
commitf40f1177c38cb642b65af9f077bc56241e2b41c2 (patch)
tree1fc1e6723a62d40201a928691749e89b15966a8e /net/sctp
parentsctp: only copy the available addr data in sctp_transport_init (diff)
downloadlinux-f40f1177c38cb642b65af9f077bc56241e2b41c2.tar.xz
linux-f40f1177c38cb642b65af9f077bc56241e2b41c2.zip
sctp: check addr_size with sa_family_t size in __sctp_setsockopt_connectx
Now __sctp_connect() is called by __sctp_setsockopt_connectx() and sctp_inet_connect(), the latter has done addr_size check with size of sa_family_t. In the next patch to clean up __sctp_connect(), we will remove addr_size check with size of sa_family_t from __sctp_connect() for the 1st address. So before doing that, __sctp_setsockopt_connectx() should do this check first, as sctp_inet_connect() does. Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp')
-rw-r--r--net/sctp/socket.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index aa80cda36581..e9c5b3930ae6 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -1311,7 +1311,8 @@ static int __sctp_setsockopt_connectx(struct sock *sk,
pr_debug("%s: sk:%p addrs:%p addrs_size:%d\n",
__func__, sk, addrs, addrs_size);
- if (unlikely(addrs_size <= 0))
+ /* make sure the 1st addr's sa_family is accessible later */
+ if (unlikely(addrs_size < sizeof(sa_family_t)))
return -EINVAL;
kaddrs = memdup_user(addrs, addrs_size);