sctp: Check address length before reading address family

KMSAN will complain if valid address length passed to connect() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2019-04-12 19:53:10 +0900
committer: David S. Miller <davem@davemloft.net> 2019-04-12 10:25:03 -0700
commit: 175f7c1f01d30b2088491bee4636fbf846fb76ce (patch)
tree: f3e3d60992e26ca033d285e6d287abd5a29ef4c1 /net
parent: 238ffdc49ef98b15819cfd5e3fb23194e3ea3d39 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 9874e60c9b0d..4583fa914e62 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4847,7 +4847,8 @@ static int sctp_connect(struct sock *sk, struct sockaddr *addr,
 	}
 
 	/* Validate addr_len before calling common connect/connectx routine. */
-	af = sctp_get_af_specific(addr->sa_family);
+	af = addr_len < offsetofend(struct sockaddr, sa_family) ? NULL :
+		sctp_get_af_specific(addr->sa_family);
 	if (!af || addr_len < af->sockaddr_len) {
 		err = -EINVAL;
 	} else {
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2019-04-12 19:53:10 +0900
committer	David S. Miller <davem@davemloft.net>	2019-04-12 10:25:03 -0700
commit	175f7c1f01d30b2088491bee4636fbf846fb76ce (patch)
tree	f3e3d60992e26ca033d285e6d287abd5a29ef4c1 /net
parent	238ffdc49ef98b15819cfd5e3fb23194e3ea3d39 (diff)