netlink: validate addr_len on bind
Otherwise an out of bounds read could happen. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
9f1e0ad0ad
commit
4e4b53768f
|
@ -669,6 +669,9 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
|
||||||
struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
|
struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
|
if (addr_len < sizeof(struct sockaddr_nl))
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
if (nladdr->nl_family != AF_NETLINK)
|
if (nladdr->nl_family != AF_NETLINK)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
|
Reference in New Issue