author | Eugene Syromiatnikov <esyr@redhat.com> | 2021-11-03 22:09:46 +0300 |
---|---|---|
committer | Joel Stanley <joel@jms.id.au> | 2022-03-18 03:37:29 +0300 |
commit | cbe542c23bf9032d0839a21cb20d07f4d86bfff1 (patch) | |
tree | 2f8e7879f5df6e6d51380c140eee81fe7b0addc7 /net/mctp | |
parent | 8076763b378e560dc50eb357a6b6d6c6f12e5ac4 (diff) | |
mctp: handle the struct sockaddr_mctp_ext padding field
struct sockaddr_mctp_ext.__smctp_pad0 has to be checked for being set
to zero, otherwise it cannot be utilised in the future.
OpenBMC-Staging-Count: 1
Fixes: 99ce45d5e7dbde39 ("mctp: Implement extended addressing")
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
Acked-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit e9ea574ec1c27e555e7f78cbbcd28af91889d529)
Signed-off-by: Joel Stanley <joel@jms.id.au>
Diffstat (limited to 'net/mctp')
-rw-r--r-- | net/mctp/af_mctp.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/net/mctp/af_mctp.c b/net/mctp/af_mctp.c index bc88159f8844..871cf6266125 100644 --- a/net/mctp/af_mctp.c +++ b/net/mctp/af_mctp.c @@ -39,6 +39,13 @@ static bool mctp_sockaddr_is_ok(const struct sockaddr_mctp *addr) return !addr->__smctp_pad0 && !addr->__smctp_pad1; } +static bool mctp_sockaddr_ext_is_ok(const struct sockaddr_mctp_ext *addr) +{ + return !addr->__smctp_pad0[0] && + !addr->__smctp_pad0[1] && + !addr->__smctp_pad0[2]; +} + static int mctp_bind(struct socket *sock, struct sockaddr *addr, int addrlen) { struct sock *sk = sock->sk; @@ -135,7 +142,8 @@ static int mctp_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) DECLARE_SOCKADDR(struct sockaddr_mctp_ext *, extaddr, msg->msg_name); - if (extaddr->smctp_halen > sizeof(cb->haddr)) { + if (!mctp_sockaddr_ext_is_ok(extaddr) || + extaddr->smctp_halen > sizeof(cb->haddr)) { rc = -EINVAL; goto err_free; } @@ -224,6 +232,7 @@ static int mctp_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, msg->msg_namelen = sizeof(*ae); ae->smctp_ifindex = cb->ifindex; ae->smctp_halen = cb->halen; + memset(ae->__smctp_pad0, 0x0, sizeof(ae->__smctp_pad0)); memset(ae->smctp_haddr, 0x0, sizeof(ae->smctp_haddr)); memcpy(ae->smctp_haddr, cb->haddr, cb->halen); } |
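Review bot: The new mctp_sockaddr_ext_is_ok() tests the padding bytes by fixed index (0 to 2), so it silently stops covering the whole field if `__smctp_pad0` in struct sockaddr_mctp_ext ever changes size. Tying the check to the array itself avoids that: `return !memchr_inv(addr->__smctp_pad0, 0, sizeof(addr->__smctp_pad0));`. A short comment such as `/* reserved padding must be zero so it can be given a meaning later */` would also record why caller-supplied input is rejected here.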
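Review bot: In mctp_sendmsg() the added call reads `extaddr->__smctp_pad0` before anything in this hunk shows that the caller's address length covers a full struct sockaddr_mctp_ext. The guard is presumably on the enclosing `if`, which opens above the hunk, and should be confirmed to compare the supplied length against `sizeof(struct sockaddr_mctp_ext)`. Callers that never cleared the padding will now get `-EINVAL`; that is the intent of the change, but it tightens userspace-visible behaviour and deserves a line in the uAPI documentation for the struct.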
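Review bot: The added memset in mctp_recvmsg() has no comment saying why the padding is cleared, and the reason is security-relevant. The structure is handed back with `msg_namelen = sizeof(*ae)`, so any byte not written here would presumably carry stale buffer contents out to the caller. I would add `/* clear reserved padding: the whole struct is returned to the caller */` above it. The following `memcpy(ae->smctp_haddr, cb->haddr, cb->halen)` relies on `cb->halen` never exceeding `sizeof(ae->smctp_haddr)`; that bound is not visible in this hunk, so clamp it with `min_t()` or check it where halen is set on receive. The enclosing block opens above the hunk.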