shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-09 04:10:18 +09:00
Code Issues Packages Projects Releases Wiki Activity

net: don't call strlen() on the user buffer in packet_bind_spkt()

Browse Source 
am: 62fe0521fb

Change-Id: Ibaeafd070ed3914db3f5e208ea1e06a4741afde2
This commit is contained in:
Alexander Potapenko
2017-03-22 11:57:49 +00:00
committed by android-build-merger
parent 61a8ace19b 62fe0521fb
commit ca2c57a3f0
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
net/packet/af_packet.c
View File

@@ -3140,7 +3140,7 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr,
int addr_len)
{
struct sock *sk = sock->sk;
char name[15];
char name[sizeof(uaddr->sa_data) + 1];
/*
* Check legality
@@ -3148,7 +3148,11 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr,
if (addr_len != sizeof(struct sockaddr))
return -EINVAL;
strlcpy(name, uaddr->sa_data, sizeof(name));
/* uaddr->sa_data comes from the userspace, it's not guaranteed to be
* zero-terminated.
*/
memcpy(name, uaddr->sa_data, sizeof(uaddr->sa_data));
name[sizeof(uaddr->sa_data)] = 0;
return packet_do_bind(sk, name, 0, pkt_sk(sk)->num);
}