-rw-r--r-- | net/bluetooth/l2cap.c | 3 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/sock.c | 3 | ||||
-rw-r--r-- | net/bluetooth/sco.c | 3 | ||||
-rw-r--r-- | net/can/bcm.c | 3 | ||||
-rw-r--r-- | net/ieee802154/af_ieee802154.c | 3 | ||||
-rw-r--r-- | net/ipv4/af_inet.c | 5 | ||||
-rw-r--r-- | net/netlink/af_netlink.c | 3 |
7 files changed, 20 insertions, 3 deletions
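--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1002,7 +1002,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
 
 BT_DBG("sk %p", sk);
 
-if (!addr || addr->sa_family != AF_BLUETOOTH)
+if (!addr || alen < sizeof(addr->sa_family) ||
+addr->sa_family != AF_BLUETOOTH)
 return -EINVAL;
 
 memset(&la, 0, sizeof(la));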
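Review bot: The added guard `alen < sizeof(addr->sa_family)` compares an `int` with a `size_t`, so the comparison is done unsigned and a negative `alen` would convert to a large value and pass. The socket layer presumably rejects negative lengths before this handler is reached, but nothing visible here shows that. Either a short comment stating that assumption or `alen < (int)sizeof(addr->sa_family)` would make the check self-contained. The same int-versus-sizeof comparison appears in the rfcomm, sco, bcm, ieee802154, af_inet and netlink sections of this commit. l2cap_sock_connect starts and ends outside this hunk.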
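--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -397,7 +397,8 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a
 
 BT_DBG("sk %p", sk);
 
-if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc))
+if (alen < sizeof(struct sockaddr_rc) ||
+addr->sa_family != AF_BLUETOOTH)
 return -EINVAL;
 
 lock_sock(sk);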
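--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -499,7 +499,8 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen
 
 BT_DBG("sk %p", sk);
 
-if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_sco))
+if (alen < sizeof(struct sockaddr_sco) ||
+addr->sa_family != AF_BLUETOOTH)
 return -EINVAL;
 
 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)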
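--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -1478,6 +1478,9 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len,
 struct sock *sk = sock->sk;
 struct bcm_sock *bo = bcm_sk(sk);
 
+if (len < sizeof(*addr))
+return -EINVAL;
+
 if (bo->bound)
 return -EISCONN;
 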
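--- a/net/ieee802154/af_ieee802154.c
+++ b/net/ieee802154/af_ieee802154.c
@@ -126,6 +126,9 @@ static int ieee802154_sock_connect(struct socket *sock, struct sockaddr *uaddr,
 {
 struct sock *sk = sock->sk;
 
+if (addr_len < sizeof(uaddr->sa_family))
+return -EINVAL;
+
 if (uaddr->sa_family == AF_UNSPEC)
 return sk->sk_prot->disconnect(sk, flags);
 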
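--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -530,6 +530,8 @@ int inet_dgram_connect(struct socket *sock, struct sockaddr * uaddr,
 {
 struct sock *sk = sock->sk;
 
+if (addr_len < sizeof(uaddr->sa_family))
+return -EINVAL;
 if (uaddr->sa_family == AF_UNSPEC)
 return sk->sk_prot->disconnect(sk, flags);
 
@@ -573,6 +575,9 @@ int inet_stream_connect(struct socket *sock, struct sockaddr *uaddr,
 int err;
 long timeo;
 
+if (addr_len < sizeof(uaddr->sa_family))
+return -EINVAL;
+
 lock_sock(sk);
 
 if (uaddr->sa_family == AF_UNSPEC) {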
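Review bot: Both added checks, in inet_dgram_connect and inet_stream_connect, validate only `sa_family`, and nothing in either hunk records who is responsible for validating the rest of the address. Presumably the per-protocol connect handler does that, but it is not visible here. A one-line comment above each check would make the contract explicit, for example `/* only sa_family is read here; the protocol connect handler must check the full address length */`. The first hunk also omits the blank line after the check that the second hunk and the other files in this commit have. Both functions continue outside their hunks.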
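--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -683,6 +683,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
 struct netlink_sock *nlk = nlk_sk(sk);
 struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
 
+if (alen < sizeof(addr->sa_family))
+return -EINVAL;
+
 if (addr->sa_family == AF_UNSPEC) {
 sk->sk_state = NETLINK_UNCONNECTED;
 nlk->dst_pid = 0;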
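Review bot: The new guard only proves that `sa_family` lies inside the caller-supplied length, while `nladdr` is `addr` cast to `struct sockaddr_nl *` just above it. If the AF_NETLINK path below the hunk reads further members such as `nladdr->nl_pid` or `nladdr->nl_groups`, a caller passing a short `alen` would have those fields taken from bytes it never supplied. A second check after the AF_UNSPEC branch, `if (alen < sizeof(struct sockaddr_nl)) return -EINVAL;`, would close that. The rest of netlink_connect is outside this hunk, so this needs confirming against the full function.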