Commit a49e2f5d authored by Guillaume Nault's avatar Guillaume Nault Committed by David S. Miller

pppoe: check sockaddr length in pppoe_connect()

We must validate sockaddr_len, otherwise userspace can pass fewer data
than we expect and we end up accessing invalid data.

Fixes: 224cf5ad ("ppp: Move the PPP drivers")
Reported-by: syzbot+4f03bdf92fdf9ef5ddab@syzkaller.appspotmail.com
Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent eb1c28c0
...@@ -620,6 +620,10 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, ...@@ -620,6 +620,10 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
lock_sock(sk); lock_sock(sk);
error = -EINVAL; error = -EINVAL;
if (sockaddr_len != sizeof(struct sockaddr_pppox))
goto end;
if (sp->sa_protocol != PX_PROTO_OE) if (sp->sa_protocol != PX_PROTO_OE)
goto end; goto end;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment