On Fri, May 29, 2020 at 11:32:25AM -0700, Eric Dumazet wrote: > syzbot was able to trigger a crash after using an ISDN socket > and fool l2tp. > > Fix this by making sure the UDP socket is of the proper family. > > --- a/net/l2tp/l2tp_core.c > +++ b/net/l2tp/l2tp_core.c > @@ -1458,6 +1458,9 @@ static int l2tp_validate_socket(const struct sock *sk, > const struct net *net, > if (sk->sk_type != SOCK_DGRAM) > return -EPROTONOSUPPORT; > > + if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) > + return -EPROTONOSUPPORT; > + > if ((encap == L2TP_ENCAPTYPE_UDP && sk->sk_protocol != IPPROTO_UDP) || > (encap == L2TP_ENCAPTYPE_IP && sk->sk_protocol != IPPROTO_L2TP)) > return -EPROTONOSUPPORT; > Thanks a lot!
Acked-by: Guillaume Nault <gna...@redhat.com>
