tomoyo: Check address length before reading address family

KMSAN will complain if valid address length passed to bind()/connect()/ sendmsg() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Signed-off-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: N James Morris <jamorris@linux.microsoft.com>

tomoyo: Check address length before reading address family
KMSAN will complain if valid address length passed to bind()/connect()/ sendmsg() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Signed-off-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: N James Morris <jamorris@linux.microsoft.com>
e6193f78 · Tetsuo Handa · James Morris · e80b1859 · e6193f78
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

security/tomoyo/network.c security/tomoyo/network.c +4 -0

未找到文件。
--- a/security/tomoyo/network.c
+++ b/security/tomoyo/network.c
@@ -505,6 +505,8 @@ static int tomoyo_check_inet_address(const struct sockaddr *addr,
 {
 	struct tomoyo_inet_addr_info *i = &address->inet;
+	if (addr_len < offsetofend(struct sockaddr, sa_family))
+		return 0;
 	switch (addr->sa_family) {
 	case AF_INET6:
 		if (addr_len < SIN6_LEN_RFC2133)
@@ -594,6 +596,8 @@ static int tomoyo_check_unix_address(struct sockaddr *addr,
 {
 	struct tomoyo_unix_addr_info *u = &address->unix0;
+	if (addr_len < offsetofend(struct sockaddr, sa_family))
+		return 0;
 	if (addr->sa_family != AF_UNIX)
 		return 0;
 	u->addr = ((struct sockaddr_un *) addr)->sun_path;