Skip to content

Commit

Permalink
Merge branch 'getsockopt-parameter-validation'
Browse files Browse the repository at this point in the history 
Gavrilov Ilia says:

====================
fix incorrect parameter validation in the *_get_sockopt() functions

This v2 series fix incorrent parameter validation in *_get_sockopt()
functions in several places.

version 2 changes:
- reword the patch description
- add two patches for net/kcm and net/x25
====================

Signed-off-by: David S. Miller <[email protected]>
  • Loading branch information
@davem330
davem330 committed Mar 11, 2024
2 parents c2b2509 + d6eb8de commit e996401
Show file tree
Hide file tree
Showing 6 changed files with 13 additions and 10 deletions.
4 changes: 3 additions & 1 deletion net/ipv4/ipmr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1603,9 +1603,11 @@ int ip_mroute_getsockopt(struct sock *sk, int optname, sockptr_t optval,

if (copy_from_sockptr(&olr, optlen, sizeof(int)))
return -EFAULT;
olr = min_t(unsigned int, olr, sizeof(int));
if (olr < 0)
return -EINVAL;

olr = min_t(unsigned int, olr, sizeof(int));

if (copy_to_sockptr(optlen, &olr, sizeof(int)))
return -EFAULT;
if (copy_to_sockptr(optval, &val, olr))
Expand Down
4 changes: 2 additions & 2 deletions net/ipv4/tcp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4011,11 +4011,11 @@ int do_tcp_getsockopt(struct sock *sk, int level,
if (copy_from_sockptr(&len, optlen, sizeof(int)))
return -EFAULT;

len = min_t(unsigned int, len, sizeof(int));

if (len < 0)
return -EINVAL;

len = min_t(unsigned int, len, sizeof(int));

switch (optname) {
case TCP_MAXSEG:
val = tp->mss_cache;
Expand Down
4 changes: 2 additions & 2 deletions net/ipv4/udp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2791,11 +2791,11 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname,
if (get_user(len, optlen))
return -EFAULT;

len = min_t(unsigned int, len, sizeof(int));

if (len < 0)
return -EINVAL;

len = min_t(unsigned int, len, sizeof(int));

switch (optname) {
case UDP_CORK:
val = udp_test_bit(CORK, sk);
Expand Down
3 changes: 2 additions & 1 deletion net/kcm/kcmsock.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1153,10 +1153,11 @@ static int kcm_getsockopt(struct socket *sock, int level, int optname,
if (get_user(len, optlen))
return -EFAULT;

len = min_t(unsigned int, len, sizeof(int));
if (len < 0)
return -EINVAL;

len = min_t(unsigned int, len, sizeof(int));

switch (optname) {
case KCM_RECV_DISABLE:
val = kcm->rx_disabled;
Expand Down
4 changes: 2 additions & 2 deletions net/l2tp/l2tp_ppp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1356,11 +1356,11 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
if (get_user(len, optlen))
return -EFAULT;

len = min_t(unsigned int, len, sizeof(int));

if (len < 0)
return -EINVAL;

len = min_t(unsigned int, len, sizeof(int));

err = -ENOTCONN;
if (!sk->sk_user_data)
goto end;
Expand Down
4 changes: 2 additions & 2 deletions net/x25/af_x25.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -460,12 +460,12 @@ static int x25_getsockopt(struct socket *sock, int level, int optname,
if (get_user(len, optlen))
goto out;

len = min_t(unsigned int, len, sizeof(int));

rc = -EINVAL;
if (len < 0)
goto out;

len = min_t(unsigned int, len, sizeof(int));

rc = -EFAULT;
if (put_user(len, optlen))
goto out;
Expand Down

0 comments on commit e996401

Please sign in to comment.