From c1610c6a6a51943265ff1c38b814ff4c04eaab12 Mon Sep 17 00:00:00 2001
From: Bulbul Dabi <bdabi@codeaurora.org>
Date: Wed, 23 Nov 2016 16:57:47 +0530
Subject: [PATCH] net: add additional args validation in ping_common_sendmsg()

adding  validation of the len variable in ping_common_sendmsg()
to check if its less than icmph_len which canleading to a
overflow issues.

addressing issue reported under CVE-2016-8399 A-31349935 and
suggestion.

Change-Id: I98f7b070b41312832b6a347ea1c11b9c700159a7
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
---
 net/ipv4/ping.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index f8c8f60ad7e2..aaa70dd66667 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -651,7 +651,7 @@ int ping_common_sendmsg(int family, struct msghdr *msg, size_t len,
 			void *user_icmph, size_t icmph_len) {
 	u8 type, code;
 
-	if (len > 0xFFFF)
+	if (len > 0xFFFF || len < icmph_len)
 		return -EMSGSIZE;
 
 	/*
-- 
GitLab