1 files changed, 14 insertions, 10 deletions

diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 7d361cd53ad5..9b81813dd16a 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2602,8 +2602,8 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
         void *ph;
         DECLARE_SOCKADDR(struct sockaddr_ll *, saddr, msg->msg_name);
         bool need_wait = !(msg->msg_flags & MSG_DONTWAIT);
+        unsigned char *addr = NULL;
         int tp_len, size_max;
-        unsigned char *addr;
         void *data;
         int len_sum = 0;
         int status = TP_STATUS_AVAILABLE;
@@ -2614,7 +2614,6 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
         if (likely(saddr == NULL)) {
                 dev     = packet_cached_dev_get(po);
                 proto   = po->num;
-                addr    = NULL;
         } else {
                 err = -EINVAL;
                 if (msg->msg_namelen < sizeof(struct sockaddr_ll))
@@ -2624,10 +2623,13 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
                                                 sll_addr)))
                         goto out;
                 proto   = saddr->sll_protocol;
-                addr    = saddr->sll_halen ? saddr->sll_addr : NULL;
                 dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex);
-                if (addr && dev && saddr->sll_halen < dev->addr_len)
-                        goto out_put;
+                if (po->sk.sk_socket->type == SOCK_DGRAM) {
+                        if (dev && msg->msg_namelen < dev->addr_len +
+                                   offsetof(struct sockaddr_ll, sll_addr))
+                                goto out_put;
+                        addr = saddr->sll_addr;
+                }
         }
 
         err = -ENXIO;
@@ -2799,7 +2801,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
         struct sk_buff *skb;
         struct net_device *dev;
         __be16 proto;
-        unsigned char *addr;
+        unsigned char *addr = NULL;
         int err, reserve = 0;
         struct sockcm_cookie sockc;
         struct virtio_net_hdr vnet_hdr = { 0 };
@@ -2816,7 +2818,6 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
         if (likely(saddr == NULL)) {
                 dev     = packet_cached_dev_get(po);
                 proto   = po->num;
-                addr    = NULL;
         } else {
                 err = -EINVAL;
                 if (msg->msg_namelen < sizeof(struct sockaddr_ll))
@@ -2824,10 +2825,13 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
                 if (msg->msg_namelen < (saddr->sll_halen + offsetof(struct sockaddr_ll, sll_addr)))
                         goto out;
                 proto   = saddr->sll_protocol;
-                addr    = saddr->sll_halen ? saddr->sll_addr : NULL;
                 dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex);
-                if (addr && dev && saddr->sll_halen < dev->addr_len)
-                        goto out_unlock;
+                if (sock->type == SOCK_DGRAM) {
+                        if (dev && msg->msg_namelen < dev->addr_len +
+                                   offsetof(struct sockaddr_ll, sll_addr))
+                                goto out_unlock;
+                        addr = saddr->sll_addr;
+                }
         }
 
         err = -ENXIO;