summaryrefslogtreecommitdiff
path: root/net/ipv6
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2019-04-12 13:56:39 +0300
committerDavid S. Miller <davem@davemloft.net>2019-04-12 20:25:03 +0300
commitbddc028a4f2ac8cf4d0cd1c696b5f95d8305a553 (patch)
tree22ffe3c231a56ec63e3296cd85141e27014ef339 /net/ipv6
parentba024f2574a19557f92116ec6be129b26ae66e97 (diff)
downloadlinux-bddc028a4f2ac8cf4d0cd1c696b5f95d8305a553.tar.xz
udpv6: Check address length before reading address family
KMSAN will complain if valid address length passed to udpv6_pre_connect() is shorter than sizeof("struct sockaddr"->sa_family) bytes. (This patch is bogus if it is guaranteed that udpv6_pre_connect() is always called after checking "struct sockaddr"->sa_family. In that case, we want a comment why we don't need to check valid address length here.) Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Song Liu <songliubraving@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/udp.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index b444483cdb2b..622eeaf5732b 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1047,6 +1047,8 @@ static void udp_v6_flush_pending_frames(struct sock *sk)
static int udpv6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
int addr_len)
{
+ if (addr_len < offsetofend(struct sockaddr, sa_family))
+ return -EINVAL;
/* The following checks are replicated from __ip6_datagram_connect()
* and intended to prevent BPF program called below from accessing
* bytes that are out of the bound specified by user in addr_len.