net: check the length of the socket address passed to connect(2) check the length of the socket address passed to connect(2). Check the length of the socket address passed to connect(2). If the length is invalid, -EINVAL will be returned. Signed-off-by: Changli Gao <xiaosuo@gmail.com> ---- net/bluetooth/l2cap.c | 3 ++- net/bluetooth/rfcomm/sock.c | 3 ++- net/bluetooth/sco.c | 3 ++- net/can/bcm.c | 3 +++ net/ieee802154/af_ieee802154.c | 3 +++ net/ipv4/af_inet.c | 5 +++++ net/netlink/af_netlink.c | 3 +++ 7 files changed, 20 insertions(+), 3 deletions(-) Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 6503d96168f891ffa3b70ae6c9698a1a722025a0 [log] [tgz]
author: Changli Gao <xiaosuo@gmail.com> Wed Mar 31 22:58:26 2010 +0000
committer: David S. Miller <davem@davemloft.net> Thu Apr 01 17:26:01 2010 -0700
tree: 9fafcd9eb2c0b3feda0cf4c36e4167ba3028d83a
parent: a1d6f3f65512cc90a636e6ec653b7bc9e2238753 [diff] [blame]
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 33b7dff..a366861 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c

@@ -530,6 +530,8 @@
 {
 	struct sock *sk = sock->sk;
 
+	if (addr_len < sizeof(uaddr->sa_family))
+		return -EINVAL;
 	if (uaddr->sa_family == AF_UNSPEC)
 		return sk->sk_prot->disconnect(sk, flags);
 
@@ -573,6 +575,9 @@
 	int err;
 	long timeo;
 
+	if (addr_len < sizeof(uaddr->sa_family))
+		return -EINVAL;
+
 	lock_sock(sk);
 
 	if (uaddr->sa_family == AF_UNSPEC) {
commit	6503d96168f891ffa3b70ae6c9698a1a722025a0	[log] [tgz]
author	Changli Gao <xiaosuo@gmail.com>	Wed Mar 31 22:58:26 2010 +0000
committer	David S. Miller <davem@davemloft.net>	Thu Apr 01 17:26:01 2010 -0700
tree	9fafcd9eb2c0b3feda0cf4c36e4167ba3028d83a
parent	a1d6f3f65512cc90a636e6ec653b7bc9e2238753 [diff] [blame]