Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp463625ybl; Tue, 28 Jan 2020 06:22:16 -0800 (PST) X-Google-Smtp-Source: APXvYqzntDFhTxlcmhsjIhEgE0voZDPOqZ/hgFfTrf9SIpYgtHcCmbJhmVA78MbvSGELhfvfAcP1 X-Received: by 2002:a05:6830:95:: with SMTP id a21mr5699530oto.171.1580221335918; Tue, 28 Jan 2020 06:22:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580221335; cv=none; d=google.com; s=arc-20160816; b=0LkiZJ1dsyoAKMMhIh1cYGgkWZHukJjUyepzE+9SmbigNjrpZNz9Og28XaZRXMVFU9 8yFiYjbyfCfv5d2iy+6VYP6DoDFc9o0zhFoNOK+6dwDzNM8fL8njqtj+nLFW05iWvu6I 3rHeY3ugBKdDmCX8qwzi2qPbNhfKWK6lhuXEYXerFr/tszTzkKWsM2auwBERjZBY8CPN d2NZvO3LaOYlrdHHD+0NnA37EN/xIev0r1Q0OopydZpdy3PSHDcKcHFmN7Ze7oHY1Z5/ K9Vf7auIqE/+jZris6QVwYH8aqdxYEoT5/dNfkqVQpENAzgfzorsEEWsvNp1OsX16qfO z9TQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=z0wDYJgejN4V52QLUFifKXgtTbgtq4UKdq8JMWfdiv0=; b=yjLo1apu+8nUnS5o80k0eoSYhoorVU13Z+PO0lu1ruE3khT+0eS6uURBJkOSuVeX2h nE4FQiEx+MJA+xeERN8sfdBMdnRX/DowoL4C+KolgC57+BIHXSin/nQKg8km4XFJ0eru IqH4vCK8KRG0BlP+i+uJOduojKK74UtDOH1YWvLSKvTtGyidKZLCoddFZVMkzdZ3HMTC WY0nUyVbVHOwgxF8/PPx1rcFhTL9/BCGVYb2f9eLA3D3HFUTm1fcvsJBtkbNx67T8tQV 00Yk+zn6BDyFCAbyRr/Ja1861jsKHj/VbDLhG2kJyu8YpzoBkROQpjfMAcCaZTthAysl S8VQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ITZfBNvz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w7si9372123otq.250.2020.01.28.06.22.04; Tue, 28 Jan 2020 06:22:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ITZfBNvz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730943AbgA1OTt (ORCPT + 99 others); Tue, 28 Jan 2020 09:19:49 -0500 Received: from mail.kernel.org ([198.145.29.99]:44300 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730651AbgA1OTq (ORCPT ); Tue, 28 Jan 2020 09:19:46 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9EEA624681; Tue, 28 Jan 2020 14:19:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1580221186; bh=GkmS6Nex2vCZ6uL4UYPfmvaRHWDpmAKvtj3pkJAo20o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ITZfBNvz7kryh/jd/woNoUiscNJiK4tcJ1dFaNiE9ZLC37qQQ6tcNvsQNasFIu7jB Na+eTvZjvJKhcGkH7yHqPt6ToVqh8zyU4WMmtgc2cwQRLYbesp9WXOU82poHoHS0Au QC7jBRrazWOqYZYLkAHWNDmQS2O0Uj+s/C3hCMX8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Laight , Willem de Bruijn , "David S. Miller" , Sasha Levin Subject: [PATCH 4.9 124/271] packet: in recvmsg msg_name return at least sizeof sockaddr_ll Date: Tue, 28 Jan 2020 15:04:33 +0100 Message-Id: <20200128135901.826156562@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200128135852.449088278@linuxfoundation.org> References: <20200128135852.449088278@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Willem de Bruijn [ Upstream commit b2cf86e1563e33a14a1c69b3e508d15dc12f804c ] Packet send checks that msg_name is at least sizeof sockaddr_ll. Packet recv must return at least this length, so that its output can be passed unmodified to packet send. This ceased to be true since adding support for lladdr longer than sll_addr. Since, the return value uses true address length. Always return at least sizeof sockaddr_ll, even if address length is shorter. Zero the padding bytes. Change v1->v2: do not overwrite zeroed padding again. use copy_len. Fixes: 0fb375fb9b93 ("[AF_PACKET]: Allow for > 8 byte hardware addresses.") Suggested-by: David Laight Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/packet/af_packet.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 40cade140222f..47a862cc7b349 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -3404,20 +3404,29 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) { + int copy_len; + /* If the address length field is there to be filled * in, we fill it in now. */ if (sock->type == SOCK_PACKET) { __sockaddr_check_size(sizeof(struct sockaddr_pkt)); msg->msg_namelen = sizeof(struct sockaddr_pkt); + copy_len = msg->msg_namelen; } else { struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll; msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr); + copy_len = msg->msg_namelen; + if (msg->msg_namelen < sizeof(struct sockaddr_ll)) { + memset(msg->msg_name + + offsetof(struct sockaddr_ll, sll_addr), + 0, sizeof(sll->sll_addr)); + msg->msg_namelen = sizeof(struct sockaddr_ll); + } } - memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, - msg->msg_namelen); + memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, copy_len); } if (pkt_sk(sk)->auxdata) { -- 2.20.1