I missed that upstream commit from Changli Gao.
http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commitdiff;h=6503d96168f891ffa3b70ae6c9698a1a722025a0
So here it comes for the BerliOS trunk also ... (in branches/j1939 it is already included)
Check the length of the socket address passed to connect(2). If the
length is invalid, -EINVAL will be returned.
Signed-off-by: Changli Gao <xiaosuo@gmail.com>
git-svn-id: svn://svn.berlios.de//socketcan/trunk@1251 030b6a49-0b11-0410-94ab-b0dab22257f2
struct sock *sk = sock->sk;
struct bcm_sock *bo = bcm_sk(sk);
+ if (len < sizeof(*addr))
+ return -EINVAL;
+
if (bo->bound)
return -EISCONN;
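Review bot: the new `len < sizeof(*addr)` test at the top of the hunk compares `len` against a `size_t`, and the declaration of `len` is not visible here; if it is a signed `int`, the comparison is done unsigned and a negative length would pass, so confirm that the caller already rejects negative lengths or make the conversion explicit. The check also sits before the `bo->bound` test, so an already-bound socket given a short address now gets -EINVAL rather than -EISCONN; a short comment stating that this ordering is intended would help. Only the size is validated in these lines, so if the function does not check the address family further down, that would be a natural companion check.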