FPII-2235 Elevation of privilege vulnerability in kernel networking component CVE-2015-2686 ANDROID-28759139 Change-Id: I2deb5c3e3f6b1258b0a86f9deb07f132734613b0 net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom

commit: 22227265c07a138e3bf36f24ffb64c93823d2349 [log] [tgz]
author: Teow Wan Yee <wy.teow@hi-p.com> Wed Jul 27 16:00:14 2016 +0800
committer: Teemu Hukkanen <teemu@fairphone.com> Fri Aug 26 10:38:27 2016 +0200
tree: b15e9dda9c13b44572ab89cfb1af98dc5d49d045
parent: a401aaf06f3bfa137381c2864bb41e9a92cac953 [diff] [blame]
diff --git a/net/socket.c b/net/socket.c
index 3548af3..e176e19 100644
--- a/net/socket.c
+++ b/net/socket.c

@@ -1723,6 +1723,8 @@
 
 	if (len > INT_MAX)
 		len = INT_MAX;
+    if (unlikely(!access_ok(VERIFY_READ, buff, len)))
+        return -EFAULT;
 	sock = sockfd_lookup_light(fd, &err, &fput_needed);
 	if (!sock)
 		goto out;
@@ -1782,6 +1784,8 @@
 
 	if (size > INT_MAX)
 		size = INT_MAX;
+    if (unlikely(!access_ok(VERIFY_WRITE, ubuf, size)))
+        return -EFAULT;
 	sock = sockfd_lookup_light(fd, &err, &fput_needed);
 	if (!sock)
 		goto out;
commit	22227265c07a138e3bf36f24ffb64c93823d2349	[log] [tgz]
author	Teow Wan Yee <wy.teow@hi-p.com>	Wed Jul 27 16:00:14 2016 +0800
committer	Teemu Hukkanen <teemu@fairphone.com>	Fri Aug 26 10:38:27 2016 +0200
tree	b15e9dda9c13b44572ab89cfb1af98dc5d49d045
parent	a401aaf06f3bfa137381c2864bb41e9a92cac953 [diff] [blame]