Kurt, ----- Ursprüngliche Mail ----- > Happy testing? ;-) > commit 124900109ca88d29382ef2e2b848d3a2f9d67b98 > Author: Kurt Van Dijck <dev.kurt@xxxxxxxxxxxxxxxxxxxxxx> > Date: Wed Mar 24 20:08:50 2021 > > can raw: don't increase provided name length > > The length of the buffer is known by the application, > not the kernel. Kernel is supposed to return only the > size of used bytes. > There is a minimum required size for the struct sockaddr_can > to be usefull for can_raw, so errors are returned when > the provided size is lower > > Signed-off-by: Kurt Van Dijck <dev.kurt@xxxxxxxxxxxxxxxxxxxxxx> > > diff --git a/net/can/raw.c b/net/can/raw.c > index 6ec8aa1d0da4..00d352ae221e 100644 > --- a/net/can/raw.c > +++ b/net/can/raw.c > @@ -475,7 +475,7 @@ static int raw_getname(struct socket *sock, struct sockaddr > *uaddr, > if (peer) > return -EOPNOTSUPP; > > - memset(addr, 0, sizeof(*addr)); > + memset(addr, 0, CAN_REQUIRED_SIZE(*addr, ifindex)); can_ifindex? > addr->can_family = AF_CAN; > addr->can_ifindex = ro->ifindex; > > @@ -806,6 +806,10 @@ static int raw_recvmsg(struct socket *sock, struct msghdr > *msg, size_t size, > return sock_recv_errqueue(sk, msg, size, > SOL_CAN_RAW, SCM_CAN_RAW_ERRQUEUE); > > + if (msg->name && msg->msg_namelen < msg->msg_name? > + CAN_REQUIRED_SIZE(struct sockaddr_can, ifindex)) > + return -EINVAL; > + With the above changes this -EINVAL always triggers. msg->msg_namelen is 0 in my case. The application does: socklen_t addrlen = sizeof(struct sockaddr_can); recvfrom(s, &frame, sizeof(struct can_frame), 0, (struct sockaddr *)&addr, &addrlen); Thanks, //richard
