netlink: validate addr_len on bind

Otherwise an out of bounds read could happen.

Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 9ee52b6a12dd28d6f9a2dc24d9ad277101361c2a..c0353d55d56fc4221d72153c6f54849cb89f292b 100644 (file)
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -669,6 +669,9 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
        struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;
        int err;
 
+       if (addr_len < sizeof(struct sockaddr_nl))
+               return -EINVAL;
+
        if (nladdr->nl_family != AF_NETLINK)
                return -EINVAL;