summaryrefslogtreecommitdiff
path: root/net/socket.c
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2018-05-14 03:01:30 +0300
committerDavid S. Miller <davem@davemloft.net>2018-05-14 23:40:45 +0300
commitd49baa7e12ee70c0a7b821d088a770c94c02e494 (patch)
tree533f8add47270500c196ce5241e8d578283a4dc6 /net/socket.c
parent57f6f99fdad9984801cde05c1db68fe39b474a10 (diff)
downloadlinux-d49baa7e12ee70c0a7b821d088a770c94c02e494.tar.xz
net/smc: check for missing nlattrs in SMC_PNETID messages
It's possible to crash the kernel in several different ways by sending messages to the SMC_PNETID generic netlink family that are missing the expected attributes: - Missing SMC_PNETID_NAME => null pointer dereference when comparing names. - Missing SMC_PNETID_ETHNAME => null pointer dereference accessing smc_pnetentry::ndev. - Missing SMC_PNETID_IBNAME => null pointer dereference accessing smc_pnetentry::smcibdev. - Missing SMC_PNETID_IBPORT => out of bounds array access to smc_ib_device::pattr[-1]. Fix it by validating that all expected attributes are present and that SMC_PNETID_IBPORT is nonzero. Reported-by: syzbot+5cd61039dc9b8bfa6e47@syzkaller.appspotmail.com Fixes: 6812baabf24d ("smc: establish pnet table management") Cc: <stable@vger.kernel.org> # v4.11+ Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/socket.c')
0 files changed, 0 insertions, 0 deletions