Message ID | 20190220213454.244600-1-jannh@google.com |
---|---|
State | Accepted |
Delegated to: | David Miller |
Series | [net] net: socket: add check for negative optlen in compat setsockopt |
From: Jann Horn <jannh@google.com>
Date: Wed, 20 Feb 2019 22:34:54 +0100

> __sys_setsockopt() already checks for `optlen < 0`. Add an equivalent check
> to the compat path for robustness. This has to be `> INT_MAX` instead of
> `< 0` because the signedness of `optlen` is different here.
>
> Signed-off-by: Jann Horn <jannh@google.com>

Applied and queued up for -stable, thanks Jann.
diff --git a/net/compat.c b/net/compat.c index 959d1c51826d..3d348198004f 100644 --- a/net/compat.c +++ b/net/compat.c @@ -388,8 +388,12 @@ static int __compat_sys_setsockopt(int fd, int level, int optname, char __user *optval, unsigned int optlen) { int err; - struct socket *sock = sockfd_lookup(fd, &err); + struct socket *sock; + + if (optlen > INT_MAX) + return -EINVAL; + sock = sockfd_lookup(fd, &err); if (sock) { err = security_socket_setsockopt(sock, level, optname); if (err) {
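Review bot: The new `if (optlen > INT_MAX)` test at the top of __compat_sys_setsockopt() has no comment, so the reason it is written as `> INT_MAX` rather than `< 0` is recorded only in the commit message. A one-line comment above the check would help, stating that `optlen` is `unsigned int` in this signature and that values above INT_MAX are the counterpart of the negative lengths __sys_setsockopt() rejects; without it a later cleanup could mistake the test for an arbitrary size limit and drop or loosen it. The placement is fine: moving the sockfd_lookup() call out of the declaration and below the check means the early `return -EINVAL` happens before any socket reference is taken, so there is nothing to release on that path.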
__sys_setsockopt() already checks for `optlen < 0`. Add an equivalent check
to the compat path for robustness. This has to be `> INT_MAX` instead of
`< 0` because the signedness of `optlen` is different here.

Signed-off-by: Jann Horn <jannh@google.com>
---
 net/compat.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)