pptp: verify sockaddr_len in pptp_bind() and pptp_connect()

author WANG Cong <xiyou.wangcong@gmail.com>

Mon, 14 Dec 2015 21:48:36 +0000 (13:48 -0800)

committer Ben Hutchings <ben@decadent.org.uk>

Wed, 30 Dec 2015 02:26:03 +0000 (02:26 +0000)
author WANG Cong <xiyou.wangcong@gmail.com>
Mon, 14 Dec 2015 21:48:36 +0000 (13:48 -0800)
committer Ben Hutchings <ben@decadent.org.uk>
Wed, 30 Dec 2015 02:26:03 +0000 (02:26 +0000)
diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c

index c974581..165ee14 100644 (file)
--- a/drivers/net/ppp/pptp.c
+++ b/drivers/net/ppp/pptp.c
@@ -420,6 +420,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
         struct pptp_opt *opt = &po->proto.pptp;
         int error = 0;
  
+       if (sockaddr_len < sizeof(struct sockaddr_pppox))
+               return -EINVAL;
+
         lock_sock(sk);
  
         opt->src_addr = sp->sa_addr.pptp;
@@ -441,6 +444,9 @@ static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr,
         struct flowi4 fl4;
         int error = 0;
  
+       if (sockaddr_len < sizeof(struct sockaddr_pppox))
+               return -EINVAL;
+
         if (sp->sa_protocol != PX_PROTO_PPTP)
                 return -EINVAL;
author	WANG Cong <xiyou.wangcong@gmail.com>
	Mon, 14 Dec 2015 21:48:36 +0000 (13:48 -0800)
committer	Ben Hutchings <ben@decadent.org.uk>
	Wed, 30 Dec 2015 02:26:03 +0000 (02:26 +0000)