sctp: Check address length before reading address family

KMSAN will complain if valid address length passed to connect() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Signed-off-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: N Neil Horman <nhorman@tuxdriver.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

sctp: Check address length before reading address family
KMSAN will complain if valid address length passed to connect() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Signed-off-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: N Neil Horman <nhorman@tuxdriver.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
175f7c1f · Tetsuo Handa · David S. Miller · 238ffdc4 · 175f7c1f
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

net/sctp/socket.c net/sctp/socket.c +2 -1

未找到文件。
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4847,7 +4847,8 @@ static int sctp_connect(struct sock *sk, struct sockaddr *addr,
 	}

 	/* Validate addr_len before calling common connect/connectx routine. */
-	af = sctp_get_af_specific(addr->sa_family);
+	af = addr_len < offsetofend(struct sockaddr, sa_family) ? NULL :
+		sctp_get_af_specific(addr->sa_family);
 	if (!af || addr_len < af->sockaddr_len) {
 		err = -EINVAL;
 	} else {