diff options
| author | Changli Gao | 2010-04-01 00:58:26 +0200 |
|---|---|---|
| committer | David S. Miller | 2010-04-02 02:26:01 +0200 |
| commit | 6503d96168f891ffa3b70ae6c9698a1a722025a0 (patch) | |
| tree | 9fafcd9eb2c0b3feda0cf4c36e4167ba3028d83a /net/bluetooth/l2cap.c | |
| parent | stmmac: add documentation for the driver. (diff) | |
| download | kernel-qcow2-linux-6503d96168f891ffa3b70ae6c9698a1a722025a0.tar.gz kernel-qcow2-linux-6503d96168f891ffa3b70ae6c9698a1a722025a0.tar.xz kernel-qcow2-linux-6503d96168f891ffa3b70ae6c9698a1a722025a0.zip | |
net: check the length of the socket address passed to connect(2)
check the length of the socket address passed to connect(2).
Check the length of the socket address passed to connect(2). If the
length is invalid, -EINVAL will be returned.
Signed-off-by: Changli Gao <xiaosuo@gmail.com>
----
net/bluetooth/l2cap.c | 3 ++-
net/bluetooth/rfcomm/sock.c | 3 ++-
net/bluetooth/sco.c | 3 ++-
net/can/bcm.c | 3 +++
net/ieee802154/af_ieee802154.c | 3 +++
net/ipv4/af_inet.c | 5 +++++
net/netlink/af_netlink.c | 3 +++
7 files changed, 20 insertions(+), 3 deletions(-)
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bluetooth/l2cap.c')
| -rw-r--r-- | net/bluetooth/l2cap.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 7794a2e2adce..99d68c34e4f1 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c @@ -1002,7 +1002,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al BT_DBG("sk %p", sk); - if (!addr || addr->sa_family != AF_BLUETOOTH) + if (!addr || alen < sizeof(addr->sa_family) || + addr->sa_family != AF_BLUETOOTH) return -EINVAL; memset(&la, 0, sizeof(la)); |