When sendmsg() is called with the RXRPC_ACCEPT control message, sendmsg()
shouldn't also be given an address in msg_name.
Signed-off-by: David Howells <dhowe...@redhat.com>
---
net/rxrpc/ar-output.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/rxrpc/ar-output.c b/net/rxrpc/ar-output.c
index b87fda075b45..044de9bf34a4 100644
--- a/net/rxrpc/ar-output.c
+++ b/net/rxrpc/ar-output.c
@@ -199,7 +199,8 @@ int rxrpc_do_sendmsg(struct rxrpc_sock *rx, struct msghdr
*msg, size_t len)
return ret;
if (cmd == RXRPC_CMD_ACCEPT) {
- if (rx->sk.sk_state != RXRPC_SERVER_LISTENING)
+ if (rx->sk.sk_state != RXRPC_SERVER_LISTENING ||
+ msg->msg_name)
return -EINVAL;
call = rxrpc_accept_call(rx, user_call_ID);
if (IS_ERR(call))
