netlink: validate addr_len on bind · tjh.dev/kernel@4e4b537

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

netlink: validate addr_len on bind

Otherwise an out of bounds read could happen.

Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Hannes Frederic Sowa and committed by

David S. Miller 13 years ago 4e4b5376 9f1e0ad0

1 changed file

expand all

net

netlink

af_netlink.c

net/netlink/af_netlink.c

··· 669 669 struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr; 670 670 int err; 671 671 672 + if (addr_len < sizeof(struct sockaddr_nl)) 673 + return -EINVAL; 674 + 672 675 if (nladdr->nl_family != AF_NETLINK) 673 676 return -EINVAL; 674 677