tipc: validate length of sockaddr in connect() for dgram/rdm
Commitf2f8036
("tipc: add support for connect() on dgram/rdm sockets") hasn't validated user input length for the sockaddr structure which allows a user to overwrite kernel memory with arbitrary input. Fixes:f2f8036
("tipc: add support for connect() on dgram/rdm sockets") Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Acked-by: Ying Xue <ying.xue@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
0117ec1970
commit
610600c8c5
|
@ -1851,6 +1851,8 @@ static int tipc_connect(struct socket *sock, struct sockaddr *dest,
|
||||||
if (dst->family == AF_UNSPEC) {
|
if (dst->family == AF_UNSPEC) {
|
||||||
memset(&tsk->remote, 0, sizeof(struct sockaddr_tipc));
|
memset(&tsk->remote, 0, sizeof(struct sockaddr_tipc));
|
||||||
tsk->connected = 0;
|
tsk->connected = 0;
|
||||||
|
} else if (destlen != sizeof(struct sockaddr_tipc)) {
|
||||||
|
res = -EINVAL;
|
||||||
} else {
|
} else {
|
||||||
memcpy(&tsk->remote, dest, destlen);
|
memcpy(&tsk->remote, dest, destlen);
|
||||||
tsk->connected = 1;
|
tsk->connected = 1;
|
||||||
|
|
Loading…
Reference in New Issue