From mboxrd@z Thu Jan  1 00:00:00 1970
From: Guillaume Nault <g.nault@alphalink.fr>
Subject: Re: [PATCH net] l2tp: check sockaddr length in pppol2tp_connect()
Date: Tue, 24 Apr 2018 10:23:30 +0200
Message-ID: <20180424082330.GD1440@alphalink.fr>
References: <e76f65e9826fe7591dc8bba561461c993e5643e0.1524492877.git.g.nault@alphalink.fr>
 <20180423.211122.76873901039312656.davem@davemloft.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: netdev@vger.kernel.org, jchapman@katalix.com
To: David Miller <davem@davemloft.net>
Return-path: <netdev-owner@vger.kernel.org>
Received: from zimbra.alphalink.fr ([217.15.80.77]:49683 "EHLO
        zimbra.alphalink.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1755887AbeDXIXg (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 24 Apr 2018 04:23:36 -0400
Content-Disposition: inline
In-Reply-To: <20180423.211122.76873901039312656.davem@davemloft.net>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On Mon, Apr 23, 2018 at 09:11:22PM -0400, David Miller wrote:
> From: Guillaume Nault <g.nault@alphalink.fr>
> Date: Mon, 23 Apr 2018 16:15:14 +0200
> 
> > Check sockaddr_len before dereferencing sp->sa_protocol, to ensure that
> > it actually points to valid data.
> > 
> > Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts")
> > Reported-by: syzbot+a70ac890b23b1bf29f5c@syzkaller.appspotmail.com
> > Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
> 
> Applied and queued up for -stable.
> 
> I guess you can completely remove the "bad socket address" -EINVAL else
> clause later in the function as a cleanup in net-next.
> 
Yes, will do. Thanks.