summaryrefslogtreecommitdiffstats
path: root/arch/arm64
diff options
context:
space:
mode:
authorMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>2016-03-08 10:34:28 -0300
committerDavid S. Miller <davem@davemloft.net>2016-03-08 15:04:08 -0500
commit133800d1f0288b9ddfc0d0aded10d9efa82d5b8c (patch)
treefa156a2753d1c80c12910790cb12ddf6db7da30b /arch/arm64
parente2857b8f11a289ed2b61d18d0665e05c1053c446 (diff)
downloadlinux-133800d1f0288b9ddfc0d0aded10d9efa82d5b8c.tar.gz
linux-133800d1f0288b9ddfc0d0aded10d9efa82d5b8c.tar.bz2
linux-133800d1f0288b9ddfc0d0aded10d9efa82d5b8c.zip
sctp: fix copying more bytes than expected in sctp_add_bind_addr
Dmitry reported that sctp_add_bind_addr may read more bytes than expected in case the parameter is a IPv4 addr supplied by the user through calls such as sctp_bindx_add(), because it always copies sizeof(union sctp_addr) while the buffer may be just a struct sockaddr_in, which is smaller. This patch then fixes it by limiting the memcpy to the min between the union size and a (new parameter) provided addr size. Where possible this parameter still is the size of that union, except for reading from user-provided buffers, which then it accounts for protocol type. Reported-by: Dmitry Vyukov <dvyukov@google.com> Tested-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'arch/arm64')
0 files changed, 0 insertions, 0 deletions