From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932951AbbCXRmQ (ORCPT ); Tue, 24 Mar 2015 13:42:16 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:33394 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964781AbbCXRDT (ORCPT ); Tue, 24 Mar 2015 13:03:19 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Al Viro , "David S. Miller" Subject: [PATCH 3.19 022/123] net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom Date: Tue, 24 Mar 2015 16:45:31 +0100 Message-Id: <20150324154424.999074664@linuxfoundation.org> X-Mailer: git-send-email 2.3.3 In-Reply-To: <20150324154423.655554012@linuxfoundation.org> References: <20150324154423.655554012@linuxfoundation.org> User-Agent: quilt/0.64 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Al Viro commit 4de930efc23b92ddf88ce91c405ee645fe6e27ea upstream. Signed-off-by: Al Viro Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/socket.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/net/socket.c +++ b/net/socket.c @@ -1765,6 +1765,8 @@ SYSCALL_DEFINE6(sendto, int, fd, void __ if (len > INT_MAX) len = INT_MAX; + if (unlikely(!access_ok(VERIFY_READ, buff, len))) + return -EFAULT; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; @@ -1823,6 +1825,8 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void if (size > INT_MAX) size = INT_MAX; + if (unlikely(!access_ok(VERIFY_WRITE, ubuf, size))) + return -EFAULT; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out;