Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp451638ybl; Tue, 28 Jan 2020 06:12:15 -0800 (PST) X-Google-Smtp-Source: APXvYqw3MJWtggKZ7816cVUDsfBZj3OKO078Z1ZHJ1brmxRsYUmrTO/Uo6MwUL5mL1bIw2ypBzKP X-Received: by 2002:a9d:67d7:: with SMTP id c23mr6914454otn.262.1580220734628; Tue, 28 Jan 2020 06:12:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580220734; cv=none; d=google.com; s=arc-20160816; b=gKXGj9QPcV3mGzz3JC0MxFCXJrELxCWHR+2wcw83oBIViBnIWY6Th6wIQF4uCh42Lx F1zY7B9p+zf/nooX5Xgs2CoA4KrpiPaB8LsZ0qr6VWciFU6fqtD/z0Qz27wvisa40pLf GC/o4O3hI5kz0maYbiIVMp+8GWRsn4cnEgclsuEtCEzd8FxQcyUftPbu1KKgGvCaN1Nd Dk0EGKVqrCgWOXJc7H2LVFJivvViI0b0YeXt8gnLgAcCQ/2qNx9uwbdoZ7b3x2J3S4mK jbzXA/7vnGYmjU5I8NDLSK5JxX7/Se0fKReotrWi8gs/629z8cX+jK4Gqqtp5wKY7AP/ nNoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=wyelG+L1UC7wnaCNFopM8nrX8NTPtIpmNrOtSZXF4DA=; b=od3LqXVEh7KeYfIrlchhRYks1sefCMhnuBWzF7pCjHz4sPCliFLKZ6sL5TE2QNb+zS aLHOSf7i4Gy7kBd1REYEcBSQnW2T/g/L2Utld/qQe+8IH1VOJ9Yu5W/AE4vyFHoU64dW H9z6El5sJgLywYnVuIXesRyKJCU+8ERzEQ3a1rIFMVqn7PnAlgmolIzVDJMHyEjZ+1Uz sS3autBr3YIV0A1tryk1yVNX6OhqkH6nsgy6A/eyZ8iCgoFJS+DOPUprDTlufiVaUrSY EGYmKuH5tr2dUelayWpbV6dj4L3ExfHkeeb/zaQRkU0JE+Y42GI8zr95HBXz9ekGUrXA M5ag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="hB/pJ8aj"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t142si5232847oih.242.2020.01.28.06.11.59; Tue, 28 Jan 2020 06:12:14 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="hB/pJ8aj"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729159AbgA1OK3 (ORCPT + 99 others); Tue, 28 Jan 2020 09:10:29 -0500 Received: from mail.kernel.org ([198.145.29.99]:59300 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727923AbgA1OK1 (ORCPT ); Tue, 28 Jan 2020 09:10:27 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7818522522; Tue, 28 Jan 2020 14:10:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1580220626; bh=yWx+SyF8JNDr/KrEqZhljwIs9PAmmvfLfKF+FNV5/Gk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hB/pJ8aj1sbCkAP2Ktj6isP3jdgBFRAecl4RNqacfRuJPm+bkVLiMu8k2G55X9qcL 8BQYJ6I+ZkFTHrmHy9odFXkuCp7OuvHT67cBqSyaSj+epcjzoDzVCnS9s8vXp35oUk Lb7C8bm6R3QIyXUTPgHTvuNvtdoI0dEgG3k1jyVw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Laight , Willem de Bruijn , "David S. Miller" , Sasha Levin Subject: [PATCH 4.4 083/183] packet: in recvmsg msg_name return at least sizeof sockaddr_ll Date: Tue, 28 Jan 2020 15:05:02 +0100 Message-Id: <20200128135838.223490325@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200128135829.486060649@linuxfoundation.org> References: <20200128135829.486060649@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Willem de Bruijn [ Upstream commit b2cf86e1563e33a14a1c69b3e508d15dc12f804c ] Packet send checks that msg_name is at least sizeof sockaddr_ll. Packet recv must return at least this length, so that its output can be passed unmodified to packet send. This ceased to be true since adding support for lladdr longer than sll_addr. Since, the return value uses true address length. Always return at least sizeof sockaddr_ll, even if address length is shorter. Zero the padding bytes. Change v1->v2: do not overwrite zeroed padding again. use copy_len. Fixes: 0fb375fb9b93 ("[AF_PACKET]: Allow for > 8 byte hardware addresses.") Suggested-by: David Laight Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/packet/af_packet.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 8b277658905f7..9de7e3e6edd30 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -3309,20 +3309,29 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) { + int copy_len; + /* If the address length field is there to be filled * in, we fill it in now. */ if (sock->type == SOCK_PACKET) { __sockaddr_check_size(sizeof(struct sockaddr_pkt)); msg->msg_namelen = sizeof(struct sockaddr_pkt); + copy_len = msg->msg_namelen; } else { struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll; msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr); + copy_len = msg->msg_namelen; + if (msg->msg_namelen < sizeof(struct sockaddr_ll)) { + memset(msg->msg_name + + offsetof(struct sockaddr_ll, sll_addr), + 0, sizeof(sll->sll_addr)); + msg->msg_namelen = sizeof(struct sockaddr_ll); + } } - memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, - msg->msg_namelen); + memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, copy_len); } if (pkt_sk(sk)->auxdata) { -- 2.20.1