From: hartkopp <hartkopp@030b6a49-0b11-0410-94ab-b0dab22257f2>
Date: Tue, 3 May 2011 11:39:23 +0000 (+0000)
Subject: net: check the length of the socket address passed to connect(2)
X-Git-Url: http://rtime.felk.cvut.cz/gitweb/socketcan-devel.git/commitdiff_plain/624588b4b46a9d5a968f7f000e480f8cbb8599a8

net: check the length of the socket address passed to connect(2)

I missed that upstream commit from Changli Gao.
http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git;a=commitdiff;h=6503d96168f891ffa3b70ae6c9698a1a722025a0
So here it comes for the BerliOS trunk also ... (in branches/j1939 it is already included)

Check the length of the socket address passed to connect(2). If the
length is invalid, -EINVAL will be returned.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>


git-svn-id: svn://svn.berlios.de//socketcan/trunk@1251 030b6a49-0b11-0410-94ab-b0dab22257f2
---

diff --git a/kernel/2.6/net/can/bcm.c b/kernel/2.6/net/can/bcm.c
index e552e88..e293c7e 100644
--- a/kernel/2.6/net/can/bcm.c
+++ b/kernel/2.6/net/can/bcm.c
@@ -1628,6 +1628,9 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len,
 	struct sock *sk = sock->sk;
 	struct bcm_sock *bo = bcm_sk(sk);
 
+	if (len < sizeof(*addr))
+		return -EINVAL;
+
 	if (bo->bound)
 		return -EISCONN;