net/ieee802154: fix uninit value bug in dgram_sendmsg
authorHaimin Zhang <tcs.kernel@gmail.com>
Thu, 8 Sep 2022 12:19:27 +0000 (20:19 +0800)
committerDavid S. Miller <davem@davemloft.net>
Fri, 16 Sep 2022 09:53:55 +0000 (10:53 +0100)
commit94160108a70c8af17fa1484a37e05181c0e094af
tree5e0afc128cd6579f1a78ffeb7f9d02df3eeb1637
parent0727a9a5fbc1151fcaebfa9772e9f68f5e38ba9e
net/ieee802154: fix uninit value bug in dgram_sendmsg

There is uninit value bug in dgram_sendmsg function in
net/ieee802154/socket.c when the length of valid data pointed by the
msg->msg_name isn't verified.

We introducing a helper function ieee802154_sockaddr_check_size to
check namelen. First we check there is addr_type in ieee802154_addr_sa.
Then, we check namelen according to addr_type.

Also fixed in raw_bind, dgram_bind, dgram_connect.

Signed-off-by: Haimin Zhang <tcs_kernel@tencent.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/ieee802154_netdev.h
net/ieee802154/socket.c