git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Haimin Zhang <tcs.kernel@gmail.com>
	Thu, 8 Sep 2022 12:19:27 +0000 (20:19 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 26 Oct 2022 11:15:34 +0000 (13:15 +0200)
commit	f4075717937c8ab692d6e35ecc100fffc528ac0c
tree	f0ad1dcb4c036db1dfa85cf344af04a22fcb185e	tree
parent	4d9a46b9593573503485050f7b08d1afa3412dfb	commit \| diff

net/ieee802154: fix uninit value bug in dgram_sendmsg

[ Upstream commit 94160108a70c8af17fa1484a37e05181c0e094af ]

There is uninit value bug in dgram_sendmsg function in
net/ieee802154/socket.c when the length of valid data pointed by the
msg->msg_name isn't verified.

We introducing a helper function ieee802154_sockaddr_check_size to
check namelen. First we check there is addr_type in ieee802154_addr_sa.
Then, we check namelen according to addr_type.

Also fixed in raw_bind, dgram_bind, dgram_connect.

Signed-off-by: Haimin Zhang <tcs_kernel@tencent.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>

include/net/ieee802154_netdev.h		diff \| blob \| blame \| history
net/ieee802154/socket.c		diff \| blob \| blame \| history