| From: Guillaume Nault <g.nault@alphalink.fr> |
| Date: Mon, 23 Apr 2018 16:38:27 +0200 |
| Subject: pppoe: check sockaddr length in pppoe_connect() |
| |
| commit a49e2f5d5fb141884452ddb428f551b123d436b5 upstream. |
| |
| We must validate sockaddr_len, otherwise userspace can pass fewer data |
| than we expect and we end up accessing invalid data. |
| |
| Fixes: 224cf5ad14c0 ("ppp: Move the PPP drivers") |
| Reported-by: syzbot+4f03bdf92fdf9ef5ddab@syzkaller.appspotmail.com |
| Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| drivers/net/ppp/pppoe.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| --- a/drivers/net/ppp/pppoe.c |
| +++ b/drivers/net/ppp/pppoe.c |
| @@ -615,6 +615,10 @@ static int pppoe_connect(struct socket * |
| lock_sock(sk); |
| |
| error = -EINVAL; |
| + |
| + if (sockaddr_len != sizeof(struct sockaddr_pppox)) |
| + goto end; |
| + |
| if (sp->sa_protocol != PX_PROTO_OE) |
| goto end; |
| |