* [PATCH net] pptp: validate sockaddr_len before binding
From: Hannes Frederic Sowa @ 2015-12-14 22:45 UTC (permalink / raw)
To: netdev
Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
---
drivers/net/ppp/pptp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
index fc69e41d09506e..f9ffdf070ad807 100644
--- a/drivers/net/ppp/pptp.c
+++ b/drivers/net/ppp/pptp.c
@@ -419,6 +419,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
struct pptp_opt *opt = &po->proto.pptp;
int error = 0;
+ if (sockaddr_len < sizeof(*sp))
+ return -EINVAL;
+
lock_sock(sk);
opt->src_addr = sp->sa_addr.pptp;
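Review bot: the commit message has no body, and nothing beside the added `if (sockaddr_len < sizeof(*sp))` in pptp_bind() records what the check protects. A short changelog saying that a too-short `uservaddr` would otherwise be read through `sp` at `opt->src_addr = sp->sa_addr.pptp;` would make the fix easier to review and to backport. Keeping the check ahead of `lock_sock(sk)` is right, since the early `return -EINVAL` then needs no unlock path.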
--
2.5.0
* Re: [PATCH net] pptp: validate sockaddr_len before binding
From: Cong Wang @ 2015-12-14 22:58 UTC (permalink / raw)
To: Hannes Frederic Sowa; +Cc: netdev
On Mon, Dec 14, 2015 at 2:45 PM, Hannes Frederic Sowa
<hannes@stressinduktion.org> wrote:
> diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
> index fc69e41d09506e..f9ffdf070ad807 100644
> --- a/drivers/net/ppp/pptp.c
> +++ b/drivers/net/ppp/pptp.c
> @@ -419,6 +419,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
> struct pptp_opt *opt = &po->proto.pptp;
> int error = 0;
>
> + if (sockaddr_len < sizeof(*sp))
> + return -EINVAL;
> +
I sent a very similar patch:
https://patchwork.ozlabs.org/patch/556663/
* Re: [PATCH net] pptp: validate sockaddr_len before binding
From: Hannes Frederic Sowa @ 2015-12-14 23:33 UTC (permalink / raw)
To: Cong Wang; +Cc: netdev
On 14.12.2015 23:58, Cong Wang wrote:
> On Mon, Dec 14, 2015 at 2:45 PM, Hannes Frederic Sowa
> <hannes@stressinduktion.org> wrote:
>> diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
>> index fc69e41d09506e..f9ffdf070ad807 100644
>> --- a/drivers/net/ppp/pptp.c
>> +++ b/drivers/net/ppp/pptp.c
>> @@ -419,6 +419,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
>> struct pptp_opt *opt = &po->proto.pptp;
>> int error = 0;
>>
>> + if (sockaddr_len < sizeof(*sp))
>> + return -EINVAL;
>> +
>
> I sent a very similar patch:
> https://patchwork.ozlabs.org/patch/556663/
Ah, thanks. Did not notice. The connect() part is also already in my
queue, but I don't think it solves the use-after-free. The RCU
implementation of callid_sock seems broken to me.
David, discard my patch.
Thanks,
Hannes