projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4c31bc6)
sctp: check addr_size with sa_family_t size in __sctp_setsockopt_connectx
authorXin Long <lucien.xin@gmail.com>
Tue, 30 Jul 2019 12:38:20 +0000 (20:38 +0800)
committerDavid S. Miller <davem@davemloft.net>
Tue, 30 Jul 2019 21:18:14 +0000 (14:18 -0700)
Now __sctp_connect() is called by __sctp_setsockopt_connectx() and
sctp_inet_connect(), the latter has done addr_size check with size
of sa_family_t.

In the next patch to clean up __sctp_connect(), we will remove
addr_size check with size of sa_family_t from __sctp_connect()
for the 1st address.

So before doing that, __sctp_setsockopt_connectx() should do
this check first, as sctp_inet_connect() does.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sctp/socket.c patch | blob | history

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index aa80cda3658116b94081f4700c28b8cb03fd2de6..e9c5b3930ae6f1d6e3d8d8ece84ee2418674148d 100644 (file)
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -1311,7 +1311,8 @@ static int __sctp_setsockopt_connectx(struct sock *sk,
        pr_debug("%s: sk:%p addrs:%p addrs_size:%d\n",
                 __func__, sk, addrs, addrs_size);
 
-       if (unlikely(addrs_size <= 0))
+       /* make sure the 1st addr's sa_family is accessible later */
+       if (unlikely(addrs_size < sizeof(sa_family_t)))
                return -EINVAL;
 
        kaddrs = memdup_user(addrs, addrs_size);
John Crispins staging tree