From 4e4b53768f1ddce38b7f6edcad3a063020ef0024 Mon Sep 17 00:00:00 2001 From: Hannes Frederic Sowa Date: Sat, 15 Dec 2012 15:42:19 +0000 Subject: netlink: validate addr_len on bind Otherwise an out of bounds read could happen. Signed-off-by: Hannes Frederic Sowa Signed-off-by: David S. Miller --- net/netlink/af_netlink.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'net/netlink') diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 9ee52b6a12d..c0353d55d56 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -669,6 +669,9 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr; int err; + if (addr_len < sizeof(struct sockaddr_nl)) + return -EINVAL; + if (nladdr->nl_family != AF_NETLINK) return -EINVAL; -- cgit v1.2.3