aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/bluetooth/l2cap.c3
-rw-r--r--net/bluetooth/rfcomm/sock.c3
-rw-r--r--net/bluetooth/sco.c3
-rw-r--r--net/can/bcm.c3
-rw-r--r--net/ieee802154/af_ieee802154.c3
-rw-r--r--net/ipv4/af_inet.c5
-rw-r--r--net/netlink/af_netlink.c3
7 files changed, 20 insertions, 3 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 7794a2e2adce..99d68c34e4f1 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1002,7 +1002,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
1002 1002
1003 BT_DBG("sk %p", sk); 1003 BT_DBG("sk %p", sk);
1004 1004
1005 if (!addr || addr->sa_family != AF_BLUETOOTH) 1005 if (!addr || alen < sizeof(addr->sa_family) ||
1006 addr->sa_family != AF_BLUETOOTH)
1006 return -EINVAL; 1007 return -EINVAL;
1007 1008
1008 memset(&la, 0, sizeof(la)); 1009 memset(&la, 0, sizeof(la));
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 7f439765403d..8ed3c37684fa 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -397,7 +397,8 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a
397 397
398 BT_DBG("sk %p", sk); 398 BT_DBG("sk %p", sk);
399 399
400 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 400 if (alen < sizeof(struct sockaddr_rc) ||
401 addr->sa_family != AF_BLUETOOTH)
401 return -EINVAL; 402 return -EINVAL;
402 403
403 lock_sock(sk); 404 lock_sock(sk);
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index e5b16b76b22e..ca6b2ad1c3fc 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -499,7 +499,8 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen
499 499
500 BT_DBG("sk %p", sk); 500 BT_DBG("sk %p", sk);
501 501
502 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_sco)) 502 if (alen < sizeof(struct sockaddr_sco) ||
503 addr->sa_family != AF_BLUETOOTH)
503 return -EINVAL; 504 return -EINVAL;
504 505
505 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 506 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
diff --git a/net/can/bcm.c b/net/can/bcm.c
index e32af52238a2..629ad1debe81 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -1478,6 +1478,9 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len,
1478 struct sock *sk = sock->sk; 1478 struct sock *sk = sock->sk;
1479 struct bcm_sock *bo = bcm_sk(sk); 1479 struct bcm_sock *bo = bcm_sk(sk);
1480 1480
1481 if (len < sizeof(*addr))
1482 return -EINVAL;
1483
1481 if (bo->bound) 1484 if (bo->bound)
1482 return -EISCONN; 1485 return -EISCONN;
1483 1486
diff --git a/net/ieee802154/af_ieee802154.c b/net/ieee802154/af_ieee802154.c
index bad1c49fd960..01beb6c11205 100644
--- a/net/ieee802154/af_ieee802154.c
+++ b/net/ieee802154/af_ieee802154.c
@@ -126,6 +126,9 @@ static int ieee802154_sock_connect(struct socket *sock, struct sockaddr *uaddr,
126{ 126{
127 struct sock *sk = sock->sk; 127 struct sock *sk = sock->sk;
128 128
129 if (addr_len < sizeof(uaddr->sa_family))
130 return -EINVAL;
131
129 if (uaddr->sa_family == AF_UNSPEC) 132 if (uaddr->sa_family == AF_UNSPEC)
130 return sk->sk_prot->disconnect(sk, flags); 133 return sk->sk_prot->disconnect(sk, flags);
131 134
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 33b7dffa7732..a366861bf4cd 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -530,6 +530,8 @@ int inet_dgram_connect(struct socket *sock, struct sockaddr * uaddr,
530{ 530{
531 struct sock *sk = sock->sk; 531 struct sock *sk = sock->sk;
532 532
533 if (addr_len < sizeof(uaddr->sa_family))
534 return -EINVAL;
533 if (uaddr->sa_family == AF_UNSPEC) 535 if (uaddr->sa_family == AF_UNSPEC)
534 return sk->sk_prot->disconnect(sk, flags); 536 return sk->sk_prot->disconnect(sk, flags);
535 537
@@ -573,6 +575,9 @@ int inet_stream_connect(struct socket *sock, struct sockaddr *uaddr,
573 int err; 575 int err;
574 long timeo; 576 long timeo;
575 577
578 if (addr_len < sizeof(uaddr->sa_family))
579 return -EINVAL;
580
576 lock_sock(sk); 581 lock_sock(sk);
577 582
578 if (uaddr->sa_family == AF_UNSPEC) { 583 if (uaddr->sa_family == AF_UNSPEC) {
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index acbbae1e89b5..795424396aff 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -683,6 +683,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
683 struct netlink_sock *nlk = nlk_sk(sk); 683 struct netlink_sock *nlk = nlk_sk(sk);
684 struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr; 684 struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
685 685
686 if (alen < sizeof(addr->sa_family))
687 return -EINVAL;
688
686 if (addr->sa_family == AF_UNSPEC) { 689 if (addr->sa_family == AF_UNSPEC) {
687 sk->sk_state = NETLINK_UNCONNECTED; 690 sk->sk_state = NETLINK_UNCONNECTED;
688 nlk->dst_pid = 0; 691 nlk->dst_pid = 0;