From: Oliver Hartkopp <socket...@hartkopp.net> Date: Fri, 23 Jun 2017 19:36:12 +0200
> On 06/23/2017 07:32 PM, Julian Wiedmann wrote:
>> From: Mateusz Jurczyk <mjurc...@google.com>
>>
>> Verify that the caller-provided sockaddr structure is large enough to
>> contain the sa_family field, before accessing it in bind() and connect()
>> handlers of the AF_IUCV socket. Since neither syscall enforces a minimum
>> size of the corresponding memory region, very short sockaddrs (zero or
>> one byte long) result in operating on uninitialized memory while
>> referencing .sa_family.
>
> Won't it make sense to generally check the minimum length for .sa_family at a
> single point before fixing all called sites?

We had this discussion last week and we decided that putting it into the handlers is the way to go for now.
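A userspace model of the per-handler length check the patch describes, added here as an illustration and not the kernel change itself: the struct layout is a simplified stand-in for sockaddr_iucv, and the final full-length check goes beyond the quoted patch text, which only guards the sa_family read.

```c
/* Added example, not the AF_IUCV patch: models the "is the sockaddr long
 * enough to read sa_family?" check from the thread in plain C so the
 * zero- and one-byte cases can be exercised without a kernel. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef AF_IUCV
#define AF_IUCV 32      /* Linux value; defined here only if the header lacks it */
#endif

/* Simplified stand-in for the kernel's struct sockaddr_iucv (assumption). */
struct sockaddr_iucv_stub {
    sa_family_t    siucv_family;
    unsigned short siucv_port;
    char           siucv_user_id[8];
    char           siucv_name[8];
};

/* Bytes that must be present before .sa_family may be read at all. */
#define SA_FAMILY_MIN_LEN (offsetof(struct sockaddr, sa_family) + sizeof(sa_family_t))

/* Mirrors what a bind()/connect() handler should do with (addr, addr_len):
 * reject before touching any field the caller did not actually supply. */
int iucv_check_sockaddr(const struct sockaddr *addr, size_t addr_len)
{
    if (addr == NULL || addr_len < SA_FAMILY_MIN_LEN)
        return -EINVAL;        /* the bug: reading sa_family here is a short read */
    if (addr->sa_family != AF_IUCV)
        return -EAFNOSUPPORT;
    if (addr_len < sizeof(struct sockaddr_iucv_stub))
        return -EINVAL;        /* stricter than the patch text: whole struct needed */
    return 0;
}

/* Hands a fully initialised address to the check but claims only `len`
 * bytes, i.e. what a caller passing a too-small addr_len looks like. */
int check_with_claimed_len(sa_family_t family, size_t len)
{
    struct sockaddr_iucv_stub a;
    memset(&a, 0, sizeof a);
    a.siucv_family = family;
    return iucv_check_sockaddr((const struct sockaddr *)&a, len);
}

int main(void)
{
    printf("len 0 -> %d, len 1 -> %d, full -> %d\n",
           check_with_claimed_len(AF_IUCV, 0), check_with_claimed_len(AF_IUCV, 1),
           check_with_claimed_len(AF_IUCV, sizeof(struct sockaddr_iucv_stub)));
    return 0;
}
```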