Commit bddc028a authored by Tetsuo Handa's avatar Tetsuo Handa Committed by David S. Miller

udpv6: Check address length before reading address family

KMSAN will complain if valid address length passed to udpv6_pre_connect()
is shorter than sizeof("struct sockaddr"->sa_family) bytes.

(This patch is bogus if it is guaranteed that udpv6_pre_connect() is
always called after checking "struct sockaddr"->sa_family. In that case,
we want a comment why we don't need to check valid address length here.)
Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: default avatarSong Liu <songliubraving@fb.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent ba024f25
...@@ -1047,6 +1047,8 @@ static void udp_v6_flush_pending_frames(struct sock *sk) ...@@ -1047,6 +1047,8 @@ static void udp_v6_flush_pending_frames(struct sock *sk)
static int udpv6_pre_connect(struct sock *sk, struct sockaddr *uaddr, static int udpv6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
int addr_len) int addr_len)
{ {
if (addr_len < offsetofend(struct sockaddr, sa_family))
return -EINVAL;
/* The following checks are replicated from __ip6_datagram_connect() /* The following checks are replicated from __ip6_datagram_connect()
* and intended to prevent BPF program called below from accessing * and intended to prevent BPF program called below from accessing
* bytes that are out of the bound specified by user in addr_len. * bytes that are out of the bound specified by user in addr_len.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment