summaryrefslogtreecommitdiff
path: root/net/sctp/socket.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2019-04-12 19:53:10 +0900
committerDavid S. Miller <davem@davemloft.net>2019-04-12 10:25:03 -0700
commit175f7c1f01d30b2088491bee4636fbf846fb76ce (patch)
treef3e3d60992e26ca033d285e6d287abd5a29ef4c1 /net/sctp/socket.c
parent238ffdc49ef98b15819cfd5e3fb23194e3ea3d39 (diff)
downloadlwn-175f7c1f01d30b2088491bee4636fbf846fb76ce.tar.gz
lwn-175f7c1f01d30b2088491bee4636fbf846fb76ce.zip
sctp: Check address length before reading address family
KMSAN will complain if valid address length passed to connect() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/socket.c')
-rw-r--r--net/sctp/socket.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 9874e60c9b0d..4583fa914e62 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4847,7 +4847,8 @@ static int sctp_connect(struct sock *sk, struct sockaddr *addr,
}
/* Validate addr_len before calling common connect/connectx routine. */
- af = sctp_get_af_specific(addr->sa_family);
+ af = addr_len < offsetofend(struct sockaddr, sa_family) ? NULL :
+ sctp_get_af_specific(addr->sa_family);
if (!af || addr_len < af->sockaddr_len) {
err = -EINVAL;
} else {