Skip to content

Commit

Permalink
kernel: net: don't call strlen() on the user buffer in packet_bind_sp…
Browse files Browse the repository at this point in the history 
…kt()

[ Upstream 540e2894f7 ]
  • Loading branch information
@ramosian-glider @lly-dev
ramosian-glider authored and lly-dev committed Mar 31, 2017
1 parent 19345d7 commit 15c2454
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions linux/linux-2.6.22.19/net/packet/af_packet.c
View file
Expand Up @@ -1310,7 +1310,7 @@ static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 protoc
static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int addr_len)
{
struct sock *sk=sock->sk;
char name[15];
char name[sizeof(uaddr->sa_data) + 1];
struct net_device *dev;
int err = -ENODEV;

Expand All @@ -1320,7 +1320,11 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int add

if (addr_len != sizeof(struct sockaddr))
return -EINVAL;
strlcpy(name,uaddr->sa_data,sizeof(name));
/* uaddr->sa_data comes from the userspace, it's not guaranteed to be
* zero-terminated.
*/
memcpy(name, uaddr->sa_data, sizeof(uaddr->sa_data));
name[sizeof(uaddr->sa_data)] = 0;

dev = dev_get_by_name(name);
if (dev) {
Expand Down

0 comments on commit 15c2454

Please sign in to comment.