net: check the length of the socket address passed to connect(2)

I missed that upstream commit from Changli Gao.
http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commitdiff;h=6503d96168f891ffa3b70ae6c9698a1a722025a0
So here it comes for the BerliOS trunk also ... (in branches/j1939 it is already included)

Check the length of the socket address passed to connect(2). If the
length is invalid, -EINVAL will be returned.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
git-svn-id: svn://svn.berlios.de//socketcan/trunk@1251 030b6a49-0b11-0410-94ab-b0dab22257f2

diff --git a/kernel/2.6/net/can/bcm.c b/kernel/2.6/net/can/bcm.c
index e552e883258e9fa88c7fcb00af8f9bce73347f0e..e293c7e11ac4cb6458e1f9e9b0fe49e2115e996e 100644 (file)
--- a/kernel/2.6/net/can/bcm.c
+++ b/kernel/2.6/net/can/bcm.c
@@ -1628,6 +1628,9 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len,
        struct sock *sk = sock->sk;
        struct bcm_sock *bo = bcm_sk(sk);
 
+       if (len < sizeof(*addr))
+               return -EINVAL;
+
        if (bo->bound)
                return -EISCONN;