From: Alexander Potapenko Date: Fri, 23 Mar 2018 12:49:02 +0000 (+0100) Subject: netlink: make sure nladdr has correct size in netlink_connect() X-Git-Tag: v3.2.102~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85612401b97f42ca3addf3d5786cc6de4fcb8fda;p=thirdparty%2Fkernel%2Fstable.git netlink: make sure nladdr has correct size in netlink_connect() commit 7880287981b60a6808f39f297bb66936e8bdf57a upstream. KMSAN reports use of uninitialized memory in the case when |alen| is smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't fully copied from the userspace. Signed-off-by: Alexander Potapenko Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2") Reviewed-by: Eric Dumazet Signed-off-by: David S. Miller [bwh: Backported to 3.2: adjust context] Signed-off-by: Ben Hutchings --- diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 2369e9620aa4c..d1017ad64edc7 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -706,6 +706,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, if (addr->sa_family != AF_NETLINK) return -EINVAL; + if (alen < sizeof(struct sockaddr_nl)) + return -EINVAL; + /* Only superuser is allowed to send multicasts */ if (nladdr->nl_groups && !netlink_capable(sock, NL_NONROOT_SEND)) return -EPERM;
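Review bot: the added `alen < sizeof(struct sockaddr_nl)` check in netlink_connect() is placed after the existing `addr->sa_family != AF_NETLINK` comparison, so `sa_family` is still read before the length is validated, and for a very short `alen` that field is itself among the bytes not copied from userspace. Consider moving the length check above the family test, or adding a preceding `if (alen < sizeof(addr->sa_family)) return -EINVAL;`, so that no field of `addr` or `nladdr` is read before its size is known. Both checks return -EINVAL, so reordering them does not change the error callers see. The commit message explains the KMSAN finding, but a one-line comment above the new check would help future readers see that it guards the later `nladdr->nl_groups` access.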