net: check the length of the socket address passed to connect(2)

check the length of the socket address passed to connect(2). Check the length of the socket address passed to connect(2). If the length is invalid, -EINVAL will be returned. Signed-off-by: Changli Gao <xiaosuo@gmail.com> ---- net/bluetooth/l2cap.c | 3 ++- net/bluetooth/rfcomm/sock.c | 3 ++- net/bluetooth/sco.c | 3 ++- net/can/bcm.c | 3 +++ net/ieee802154/af_ieee802154.c | 3 +++ net/ipv4/af_inet.c | 5 +++++ net/netlink/af_netlink.c | 3 +++ 7 files changed, 20 insertions(+), 3 deletions(-) Signed-off-by: David S. Miller <davem@davemloft.net>
author: Changli Gao <xiaosuo@gmail.com> 2010-03-31 22:58:26 (GMT)
committer: David S. Miller <davem@davemloft.net> 2010-04-02 00:26:01 (GMT)
commit: 6503d96168f891ffa3b70ae6c9698a1a722025a0 (patch)
tree: 9fafcd9eb2c0b3feda0cf4c36e4167ba3028d83a /net/bluetooth/sco.c
parent: a1d6f3f65512cc90a636e6ec653b7bc9e2238753 (diff)
download: linux-fsl-qoriq-6503d96168f891ffa3b70ae6c9698a1a722025a0.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index e5b16b7..ca6b2ad 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -499,7 +499,8 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen
 
 	BT_DBG("sk %p", sk);
 
-	if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_sco))
+	if (alen < sizeof(struct sockaddr_sco) ||
+	    addr->sa_family != AF_BLUETOOTH)
 		return -EINVAL;
 
 	if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
author	Changli Gao <xiaosuo@gmail.com>	2010-03-31 22:58:26 (GMT)
committer	David S. Miller <davem@davemloft.net>	2010-04-02 00:26:01 (GMT)
commit	6503d96168f891ffa3b70ae6c9698a1a722025a0 (patch)
tree	9fafcd9eb2c0b3feda0cf4c36e4167ba3028d83a /net/bluetooth/sco.c
parent	a1d6f3f65512cc90a636e6ec653b7bc9e2238753 (diff)
download	linux-fsl-qoriq-6503d96168f891ffa3b70ae6c9698a1a722025a0.tar.xz