summaryrefslogtreecommitdiffstats
path: root/net/netlink
diff options
context:
space:
mode:
authorHannes Frederic Sowa <hannes@stressinduktion.org>2012-12-15 15:42:19 +0000
committerDavid S. Miller <davem@davemloft.net>2012-12-17 20:50:51 -0800
commit4e4b53768f1ddce38b7f6edcad3a063020ef0024 (patch)
tree2b65ca48277f2600771a56640365ecadd0cbf5e4 /net/netlink
parent9f1e0ad0ad3e19fce3df864502e9f419204397d7 (diff)
downloadlinux-4e4b53768f1ddce38b7f6edcad3a063020ef0024.tar.gz
linux-4e4b53768f1ddce38b7f6edcad3a063020ef0024.tar.bz2
linux-4e4b53768f1ddce38b7f6edcad3a063020ef0024.zip
netlink: validate addr_len on bind
Otherwise an out of bounds read could happen. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlink')
-rw-r--r--net/netlink/af_netlink.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 9ee52b6a12dd..c0353d55d56f 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -669,6 +669,9 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
int err;
+ if (addr_len < sizeof(struct sockaddr_nl))
+ return -EINVAL;
+
if (nladdr->nl_family != AF_NETLINK)
return -EINVAL;