net: netlink: Check address length before reading groups field

mainline inclusion from mainline-5.1-rc6 commit d852be84770c category: bugfix bugzilla: 14091 CVE: NA ------------------------------------------------- KMSAN will complain if valid address length passed to bind() is shorter than sizeof(struct sockaddr_nl) bytes. Signed-off-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Zhiqiang Liu <liuzhiqiang26@huawei.com> Reviewed-by: N Wenan Mao <maowenan@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

net: netlink: Check address length before reading groups field
mainline inclusion from mainline-5.1-rc6 commit d852be84770c category: bugfix bugzilla: 14091 CVE: NA ------------------------------------------------- KMSAN will complain if valid address length passed to bind() is shorter than sizeof(struct sockaddr_nl) bytes. Signed-off-by: N Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Zhiqiang Liu <liuzhiqiang26@huawei.com> Reviewed-by: N Wenan Mao <maowenan@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
9210f3ef · Tetsuo Handa · Xie XiuQi · 81d77fef · 9210f3ef
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

net/netlink/af_netlink.c net/netlink/af_netlink.c +2 -1

未找到文件。
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -993,7 +993,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
 	struct netlink_sock *nlk = nlk_sk(sk);
 	struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
 	int err = 0;
-	unsigned long groups = nladdr->nl_groups;
+	unsigned long groups;
 	bool bound;
 	if (addr_len < sizeof(struct sockaddr_nl))
@@ -1001,6 +1001,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
 	if (nladdr->nl_family != AF_NETLINK)
 		return -EINVAL;
+	groups = nladdr->nl_groups;
 	/* Only superuser is allowed to listen multicasts */
 	if (groups) {