Commit e9ea574e authored by Eugene Syromiatnikov's avatar Eugene Syromiatnikov Committed by Jakub Kicinski

mctp: handle the struct sockaddr_mctp_ext padding field

struct sockaddr_mctp_ext.__smctp_paddin0 has to be checked for being set
to zero, otherwise it cannot be utilised in the future.

Fixes: 99ce45d5 ("mctp: Implement extended addressing")
Signed-off-by: default avatarEugene Syromiatnikov <esyr@redhat.com>
Acked-by: default avatarJeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 1e4b50f0
...@@ -39,6 +39,13 @@ static bool mctp_sockaddr_is_ok(const struct sockaddr_mctp *addr) ...@@ -39,6 +39,13 @@ static bool mctp_sockaddr_is_ok(const struct sockaddr_mctp *addr)
return !addr->__smctp_pad0 && !addr->__smctp_pad1; return !addr->__smctp_pad0 && !addr->__smctp_pad1;
} }
static bool mctp_sockaddr_ext_is_ok(const struct sockaddr_mctp_ext *addr)
{
return !addr->__smctp_pad0[0] &&
!addr->__smctp_pad0[1] &&
!addr->__smctp_pad0[2];
}
static int mctp_bind(struct socket *sock, struct sockaddr *addr, int addrlen) static int mctp_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
{ {
struct sock *sk = sock->sk; struct sock *sk = sock->sk;
...@@ -135,7 +142,8 @@ static int mctp_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) ...@@ -135,7 +142,8 @@ static int mctp_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
DECLARE_SOCKADDR(struct sockaddr_mctp_ext *, DECLARE_SOCKADDR(struct sockaddr_mctp_ext *,
extaddr, msg->msg_name); extaddr, msg->msg_name);
if (extaddr->smctp_halen > sizeof(cb->haddr)) { if (!mctp_sockaddr_ext_is_ok(extaddr) ||
extaddr->smctp_halen > sizeof(cb->haddr)) {
rc = -EINVAL; rc = -EINVAL;
goto err_free; goto err_free;
} }
...@@ -224,6 +232,7 @@ static int mctp_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, ...@@ -224,6 +232,7 @@ static int mctp_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
msg->msg_namelen = sizeof(*ae); msg->msg_namelen = sizeof(*ae);
ae->smctp_ifindex = cb->ifindex; ae->smctp_ifindex = cb->ifindex;
ae->smctp_halen = cb->halen; ae->smctp_halen = cb->halen;
memset(ae->__smctp_pad0, 0x0, sizeof(ae->__smctp_pad0));
memset(ae->smctp_haddr, 0x0, sizeof(ae->smctp_haddr)); memset(ae->smctp_haddr, 0x0, sizeof(ae->smctp_haddr));
memcpy(ae->smctp_haddr, cb->haddr, cb->halen); memcpy(ae->smctp_haddr, cb->haddr, cb->halen);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment