From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95056C76190 for ; Mon, 22 Jul 2019 17:38:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 69ADE21901 for ; Mon, 22 Jul 2019 17:38:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ZG2cN7fL" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728942AbfGVRiS (ORCPT ); Mon, 22 Jul 2019 13:38:18 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:36729 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727357AbfGVRiR (ORCPT ); Mon, 22 Jul 2019 13:38:17 -0400 Received: by mail-pg1-f195.google.com with SMTP id l21so17999667pgm.3; Mon, 22 Jul 2019 10:38:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :in-reply-to:references; bh=4nTsJr0BJdt7hLDpJFRZ1Mt40a//R9eaBytHtJA1GjY=; b=ZG2cN7fL+KGqz6AQfwFdAFWx7oRwld8bfKwkz02/HfqceFgiqmJ6a592zOiUDcMrQA iuvl/haDdEF6ZnvYp8CusaufY47ohWbYa1TFBWS4ynNu82lkk2tb8ZEStniSKUIAXRcl G8/5vCBfwKvlWeKxAMvtgY3Fn6BWJNvPEX3gQmQHd8QrXPbrYqV9ukDFheC/6Z/MLWZV 7bRTMSuvNnqcwA1H9Z3JiLV3KNCgCNJQzsRTQ76VO3+qWQCvVJYixvs5hIPFrFbwjEIL jbOevQkDdIO+pdYTEQyydfIKzkeMFkEKNR8/oqbWyWW9qmIcNArE64xSdlQzN4t2lDPA tfXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=4nTsJr0BJdt7hLDpJFRZ1Mt40a//R9eaBytHtJA1GjY=; b=gHp0iSbBgWj7EpwOFLYIQaijnikVxawXkyyXswztLIuj4hD4JRLnqKYby6Dbkdusz/ LiTxtA8N634Djb4K/YfhzkUFeJfpveFYICflDpTXcRQtAOpib5FURl+tRNq5C97Ff6MD yes0gVRllJPF64iXE4vlb1OeCUqvOLOT87VuZW49TSA9SSvcAZ3Q8zQHyfp4pruopCKe j1yvyqcujWvufy5kzmgmSWx1c6srTrCc9Jq+Ot84o89Lzinq3VA56HVp6vforiwyVta2 I9F7nleZ7FIgH1XOsyGp/Yr/IH9BsqQfmunZaV4gEyuWPHdRWM2FcpbFsritFkzFwYtF i9VA== X-Gm-Message-State: APjAAAX6n9KVKKc6z0onzqNzLabhKaNMgjYV1xb+co0m6Hw+ygdWOVRn JZJrKEm7r4jkNqzaIuDU5BlJEqdv X-Google-Smtp-Source: APXvYqxzXuhvxLy1iXL9jZDPlNtXygTKbXobBcdaK7T6eqerjS/kB/8gEwE4ZU8EWmm/4UZamIUGfQ== X-Received: by 2002:a63:5452:: with SMTP id e18mr56328609pgm.232.1563817096899; Mon, 22 Jul 2019 10:38:16 -0700 (PDT) Received: from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id a3sm48852857pje.3.2019.07.22.10.38.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 22 Jul 2019 10:38:16 -0700 (PDT) From: Xin Long To: network dev , linux-sctp@vger.kernel.org Cc: Marcelo Ricardo Leitner , Neil Horman , davem@davemloft.net Subject: [PATCH net-next 1/4] sctp: check addr_size with sa_family_t size in __sctp_setsockopt_connectx Date: Tue, 23 Jul 2019 01:37:57 +0800 Message-Id: X-Mailer: git-send-email 2.1.0 In-Reply-To: References: In-Reply-To: References: Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Now __sctp_connect() is called by __sctp_setsockopt_connectx() and sctp_inet_connect(), the latter has done addr_size check with size of sa_family_t. In the next patch to clean up __sctp_connect(), we will remove addr_size check with size of sa_family_t from __sctp_connect() for the 1st address. So before doing that, __sctp_setsockopt_connectx() should do this check first, as sctp_inet_connect() does. Signed-off-by: Xin Long --- net/sctp/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index aa80cda..5f92e4a 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1311,7 +1311,7 @@ static int __sctp_setsockopt_connectx(struct sock *sk, pr_debug("%s: sk:%p addrs:%p addrs_size:%d\n", __func__, sk, addrs, addrs_size); - if (unlikely(addrs_size <= 0)) + if (unlikely(addrs_size < sizeof(sa_family_t))) return -EINVAL; kaddrs = memdup_user(addrs, addrs_size); -- 2.1.0 From mboxrd@z Thu Jan 1 00:00:00 1970 From: Xin Long Date: Mon, 22 Jul 2019 17:37:57 +0000 Subject: [PATCH net-next 1/4] sctp: check addr_size with sa_family_t size in __sctp_setsockopt_connectx Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: network dev , linux-sctp@vger.kernel.org Cc: Marcelo Ricardo Leitner , Neil Horman , davem@davemloft.net Now __sctp_connect() is called by __sctp_setsockopt_connectx() and sctp_inet_connect(), the latter has done addr_size check with size of sa_family_t. In the next patch to clean up __sctp_connect(), we will remove addr_size check with size of sa_family_t from __sctp_connect() for the 1st address. So before doing that, __sctp_setsockopt_connectx() should do this check first, as sctp_inet_connect() does. Signed-off-by: Xin Long --- net/sctp/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index aa80cda..5f92e4a 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1311,7 +1311,7 @@ static int __sctp_setsockopt_connectx(struct sock *sk, pr_debug("%s: sk:%p addrs:%p addrs_size:%d\n", __func__, sk, addrs, addrs_size); - if (unlikely(addrs_size <= 0)) + if (unlikely(addrs_size < sizeof(sa_family_t))) return -EINVAL; kaddrs = memdup_user(addrs, addrs_size); -- 2.1.0