Google Git
Sign in
kernel / pub / scm / linux / kernel / git / kees / linux.git / 464af5601a2e9ed0ba825f4af0a2f7ebb02db36f
commit464af5601a2e9ed0ba825f4af0a2f7ebb02db36f[log] [tgz]
authorKees Cook <kees@kernel.org>Tue Jul 15 12:44:34 2025 -0700
committerKees Cook <kees@kernel.org>Thu Oct 09 20:30:23 2025 -0700
treed6fc0f90325ad749c93c34b52eeeadfca0b431cf
parentf51e9c7acc3a597afd91ca1d2e9122852cdea6f6 [diff]
bpf: Add size validation to bpf_sock_addr_set_sun_path()

Add defensive size validation to bpf_sock_addr_set_sun_path() before
writing to the sockaddr buffer. While the underlying buffer is guaranteed
to be sockaddr_storage (128 bytes) from the bind() syscall path, the
function should validate that "sa_kern->uaddrlen" is sufficient for the
sockaddr_un structure being written.

The validation checks that the available buffer size ("sa_kern->uaddrlen")
can accommodate both the sockaddr_un header and the requested path length
before performing the memcpy() operation.

Signed-off-by: Kees Cook <kees@kernel.org>
1 file changed
tree: d6fc0f90325ad749c93c34b52eeeadfca0b431cf
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. Next/
  18. rust/
  19. samples/
  20. scripts/
  21. security/
  22. sound/
  23. tools/
  24. usr/
  25. virt/
  26. .clang-format
  27. .clippy.toml
  28. .cocciconfig
  29. .editorconfig
  30. .get_maintainer.ignore
  31. .gitattributes
  32. .gitignore
  33. .mailmap
  34. .pylintrc
  35. .rustfmt.toml
  36. COPYING
  37. CREDITS
  38. Kbuild
  39. Kconfig
  40. localversion-next
  41. MAINTAINERS
  42. Makefile
  43. README