From: Mateusz Jurczyk <mjurc...@google.com>
Date: Tue, 13 Jun 2017 19:42:28 +0200

> Verify that the caller-provided sockaddr structure is large enough to
> contain the sa_family field, before accessing it in bind() and connect()
> handlers of the AF_IUCV socket. Since neither syscall enforces a minimum
> size of the corresponding memory region, very short sockaddrs (zero or
> one byte long) result in operating on uninitialized memory while
> referencing .sa_family.
>
> Signed-off-by: Mateusz Jurczyk <mjurc...@google.com>

...

> /* Verify the input sockaddr */
> - if (!addr || addr->sa_family != AF_IUCV)
> - return -EINVAL;
> -
> - if (addr_len < sizeof(struct sockaddr_iucv))
> + if (!addr || addr_len < sizeof(struct sockaddr_iucv) ||
> + addr->sa_family != AF_IUCV)

The 'addr' can never be NULL so please remove that check, thank you.
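Review bot: the reordered condition now tests addr_len against sizeof(struct sockaddr_iucv) before dereferencing addr->sa_family, which is the actual fix; since the old code already rejected addr_len < sizeof(struct sockaddr_iucv), only the evaluation order changes, not the set of accepted lengths, and the commit message could say so explicitly rather than only mentioning the sa_family field. The `!addr` test is carried over from the old code unchanged; whether it is reachable depends on the caller that copies the user sockaddr into kernel memory, which the quoted context does not show, so either drop it or justify it in the commit message. The quoted hunk also ends before the return statement that follows the new condition, so the replacement's return value cannot be confirmed from the visible lines.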
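The ordering problem the commit message describes, shown as an added user-space model (example code, not from the patch or the kernel tree): the pre-patch check reads sa_family before the length is validated, the post-patch check validates the length first. The struct layout, the AF_IUCV fallback define, and the function names `iucv_check_before`, `iucv_check_after` and `run_case` are constructed for this example; the instrumented `read_family` helper stands in for the kernel's direct field access and records when the read happens on a buffer shorter than the field.

```c
/* Added example (not kernel code): model of the AF_IUCV sockaddr check
 * before and after the patch. The struct below is a constructed stand-in
 * for struct sockaddr_iucv; only its size and leading family field matter. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

#ifndef AF_IUCV
#define AF_IUCV 32   /* Linux value; defined here only if the header lacks it (assumption) */
#endif

struct sockaddr_iucv_model {           /* constructed stand-in, 32 bytes */
    sa_family_t    siucv_family;
    unsigned short siucv_port;
    unsigned int   siucv_addr;
    char           siucv_nodeid[8];
    char           siucv_user_id[8];
    char           siucv_name[8];
};

/* Instrumentation: counts reads of sa_family from a buffer shorter than
 * the field itself. In the kernel that read would touch bytes the caller
 * never supplied, i.e. uninitialized memory. */
static int short_reads;

static sa_family_t read_family(const struct sockaddr *addr, int addr_len)
{
    if (addr_len < (int)sizeof(addr->sa_family))
        short_reads++;   /* the kernel would read past the copied bytes here */
    return addr->sa_family;
}

/* Pre-patch ordering: family is read before the length is validated. */
int iucv_check_before(const struct sockaddr *addr, int addr_len)
{
    if (read_family(addr, addr_len) != AF_IUCV)
        return -EINVAL;
    if (addr_len < (int)sizeof(struct sockaddr_iucv_model))
        return -EINVAL;
    return 0;
}

/* Post-patch ordering: length first, so sa_family is only read once the
 * whole structure is known to be present. */
int iucv_check_after(const struct sockaddr *addr, int addr_len)
{
    if (addr_len < (int)sizeof(struct sockaddr_iucv_model) ||
        read_family(addr, addr_len) != AF_IUCV)
        return -EINVAL;
    return 0;
}

/* Run one check against a constructed address. A full-size backing buffer
 * keeps this user-space model free of real out-of-bounds reads; addr_len
 * plays the role of the caller-provided length. Returns the check's result
 * and reports via *short_read whether a too-short family read occurred. */
int run_case(int (*check)(const struct sockaddr *, int), int addr_len,
             sa_family_t family, bool *short_read)
{
    struct sockaddr_iucv_model buf;
    memset(&buf, 0, sizeof(buf));
    buf.siucv_family = family;
    int before = short_reads;
    int rc = check((const struct sockaddr *)&buf, addr_len);
    *short_read = short_reads != before;
    return rc;
}
```

Both orderings return -EINVAL for a one-byte sockaddr; the difference is that only the pre-patch ordering reaches the sa_family read before rejecting it, which is the uninitialized-memory access the patch closes.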