shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-11 05:17:10 +09:00
Code Issues Packages Projects Releases Wiki Activity

net/ieee802154: fix uninit value bug in dgram_sendmsg

Browse Source 
[ Upstream commit 94160108a7 ]

There is uninit value bug in dgram_sendmsg function in
net/ieee802154/socket.c when the length of valid data pointed by the
msg->msg_name isn't verified.

We introducing a helper function ieee802154_sockaddr_check_size to
check namelen. First we check there is addr_type in ieee802154_addr_sa.
Then, we check namelen according to addr_type.

Also fixed in raw_bind, dgram_bind, dgram_connect.

Signed-off-by: Haimin Zhang <tcs_kernel@tencent.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Haimin Zhang
2022-09-08 20:19:27 +08:00
committed by Greg Kroah-Hartman
parent 4d9a46b959
commit f407571793
2 changed files with 60 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
include/net/ieee802154_netdev.h
View File

@@ -23,6 +23,22 @@
#ifndef IEEE802154_NETDEVICE_H
#define IEEE802154_NETDEVICE_H
#define IEEE802154_REQUIRED_SIZE(struct_type, member) \
(offsetof(typeof(struct_type), member) + \
sizeof(((typeof(struct_type) *)(NULL))->member))
#define IEEE802154_ADDR_OFFSET \
offsetof(typeof(struct sockaddr_ieee802154), addr)
#define IEEE802154_MIN_NAMELEN (IEEE802154_ADDR_OFFSET + \
IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, addr_type))
#define IEEE802154_NAMELEN_SHORT (IEEE802154_ADDR_OFFSET + \
IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, short_addr))
#define IEEE802154_NAMELEN_LONG (IEEE802154_ADDR_OFFSET + \
IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, hwaddr))
#include <net/af_ieee802154.h>
#include <linux/netdevice.h>
#include <linux/skbuff.h>
@@ -173,6 +189,27 @@ static inline void ieee802154_devaddr_to_raw(void *raw, __le64 addr)
memcpy(raw, &temp, IEEE802154_ADDR_LEN);
}
static inline int
ieee802154_sockaddr_check_size(struct sockaddr_ieee802154 *daddr, int len)
{
struct ieee802154_addr_sa *sa;
sa = &daddr->addr;
if (len < IEEE802154_MIN_NAMELEN)
return -EINVAL;
switch (sa->addr_type) {
case IEEE802154_ADDR_SHORT:
if (len < IEEE802154_NAMELEN_SHORT)
return -EINVAL;
break;
case IEEE802154_ADDR_LONG:
if (len < IEEE802154_NAMELEN_LONG)
return -EINVAL;
break;
}
return 0;
}
static inline void ieee802154_addr_from_sa(struct ieee802154_addr *a,
const struct ieee802154_addr_sa *sa)
{