bpf: Check address length before reading address family

mainline inclusion from mainline-5.1-rc6 commit ba024f25 category: bugfix bugzilla: 14086 CVE: NA ------------------------------------------------- KMSAN will complain if valid address length passed to bpf_bind() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Signed-off-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: N Andrey Ignatov <rdna@fb.com> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Zhiqiang Liu <liuzhiqiang26@huawei.com> Reviewed-by: N Wenan Mao <maowenan@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

bpf: Check address length before reading address family
mainline inclusion from mainline-5.1-rc6 commit ba024f25 category: bugfix bugzilla: 14086 CVE: NA ------------------------------------------------- KMSAN will complain if valid address length passed to bpf_bind() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Signed-off-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: N Andrey Ignatov <rdna@fb.com> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Zhiqiang Liu <liuzhiqiang26@huawei.com> Reviewed-by: N Wenan Mao <maowenan@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
442b20fa · Tetsuo Handa · Xie XiuQi · a3b60bc4 · 442b20fa
显示空白变更内容
内联并排

Showing with 2 addition and 0 deletion

net/core/filter.c net/core/filter.c +2 -0

未找到文件。
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -4149,6 +4149,8 @@ BPF_CALL_3(bpf_bind, struct bpf_sock_addr_kern *, ctx, struct sockaddr *, addr,
 	 * Only binding to IP is supported.
 	 */
 	err = -EINVAL;
+	if (addr_len < offsetofend(struct sockaddr, sa_family))
+		return err;
 	if (addr->sa_family == AF_INET) {
 		if (addr_len < sizeof(struct sockaddr_in))
 			return err;