Re: [PATCH] net/packet: check length in getsockopt() called with PACKET_HDRLEN

From: Alexander Potapenko Date: Tue, 25 Apr 2017 18:51:46 +0200 > In the case getsockopt() is called with PACKET_HDRLEN and optlen < 4 > |val| remains uninitialized and the syscall may behave differently > depending on its value, and even copy garbage to userspace on certain >

[PATCH] net/packet: check length in getsockopt() called with PACKET_HDRLEN

In the case getsockopt() is called with PACKET_HDRLEN and optlen < 4 |val| remains uninitialized and the syscall may behave differently depending on its value, and even copy garbage to userspace on certain architectures. To fix this we now return -EINVAL if optlen is too small. This bug has been