From: Leon Romanovsky <leonro@xxxxxxxxxxxx>
Ensure that user provides valid AF family prior to query device address.
Reported-by: <syzbot+2a2c48fc189ed5125b9c@xxxxxxxxxxxxxxxxxxxxxxxxx>
Fixes: ee7aed4528fb ("RDMA/ucma: Support querying for AF_IB addresses")
Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
---
Changelog v0 -> v1:
* Fix wrongly placed memcpy
---
drivers/infiniband/core/ucma.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
index 21585055cf32..f88350d51d9e 100644
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -879,10 +879,16 @@ static ssize_t ucma_query_addr(struct ucma_context *ctx,
addr = (struct sockaddr *) &ctx->cm_id->route.addr.src_addr;
resp.src_size = rdma_addr_size(addr);
+ if (!resp.src_size)
+ return -EINVAL;
+
memcpy(&resp.src_addr, addr, resp.src_size);
addr = (struct sockaddr *) &ctx->cm_id->route.addr.dst_addr;
resp.dst_size = rdma_addr_size(addr);
+ if (!resp.dst_size)
+ return -EINVAL;
+
memcpy(&resp.dst_addr, addr, resp.dst_size);
ucma_query_device_addr(ctx->cm_id, &resp);
--
2.14.3
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
