From patchwork Wed Feb 20 21:34:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn X-Patchwork-Id: 1045567 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="QF5YQi+l"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 444W9F5z1pz9s7h for ; Thu, 21 Feb 2019 08:35:13 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727210AbfBTVfJ (ORCPT ); Wed, 20 Feb 2019 16:35:09 -0500 Received: from mail-it1-f201.google.com ([209.85.166.201]:41168 "EHLO mail-it1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727077AbfBTVfJ (ORCPT ); Wed, 20 Feb 2019 16:35:09 -0500 Received: by mail-it1-f201.google.com with SMTP id q184so13284753itd.6 for ; Wed, 20 Feb 2019 13:35:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=OXyCSDz8Enqud3cO2LvvNEFBuYyIKW4lu57aGkX8Qks=; b=QF5YQi+lyz3S2F3WmepcCstzOtCUTMjYABX7XE4bks4wO0ofNXKzivLQU1ti4cqwYq YgETxQRrHqwjW4njIZOiam6be6cGXMfO9F+CilH51RE19xErGzE+AkigBRvJKLennQCw kk/lrOVIVNQjx84Cr5zy3KPGrnvL2dzBBVps4w232e9I63vFjX946L3yxjLoWyohvccp vRQe9STD7F8vlxrbuH61743VOMcwqHyBl2LXpcHUXEDSIRjakY8jnM56iWXP7HA40+Sp lEN24NWo9rM3goqqSWooU+VSqo0NZZMYGlLZ77m7kJ1wiRUYibTOqOFMeW+muw0pTQrU UNOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=OXyCSDz8Enqud3cO2LvvNEFBuYyIKW4lu57aGkX8Qks=; b=YFdbxPCiz2nYS0TM8eyRUvsaH3DW4yvlArU6h6dQBniL3QZs5AFUTbL90Nbl5oyu8+ Wnm4Pfts78kMS2XW5l6bfB3E/2g68LDoOfEf9oPX+VYjwyzqrDztEga0SZwRQSGg3twN 5d+kpNCOkPFqxLH+8ClQUmeEGiK5aTE2zq0wQJzMvBwEbcL7WkekrTKAvFYat8UmAOPI hkw7WhASc9+fZa8KXNeFhPvcngF6F2s0rEjk0tRv8DyBpadmi+790dUaWxZXZxfLFsBI BNOrsnTcF7Fe8yqV9PP/Mmt/Y6ku66X3E98d96qZXkNg5Oco88Mt4122FbO7Szs4KKui pkPA== X-Gm-Message-State: AHQUAubnCVQbSNdHVHNet8J46zaXl9V8ODEK0KQI0fjkeqyzlQaEsbsX CrbKGyCWZ8C08B7qHj/qnRsq9LbvnQ== X-Google-Smtp-Source: AHgI3IYRU+i08VyArFmdRrCtGKs7syI/9DTrKV8QxT8jV7m7thX0zFntp9gJ/KSp+kGiex8W2keey7P74A== X-Received: by 2002:a24:1303:: with SMTP id 3mr1534061itz.40.1550698507926; Wed, 20 Feb 2019 13:35:07 -0800 (PST) Date: Wed, 20 Feb 2019 22:34:54 +0100 Message-Id: <20190220213454.244600-1-jannh@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.21.0.rc0.258.g878e2cd30e-goog Subject: [PATCH net] net: socket: add check for negative optlen in compat setsockopt From: Jann Horn To: "David S. Miller" , jannh@google.com Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org __sys_setsockopt() already checks for `optlen < 0`. Add an equivalent check to the compat path for robustness. This has to be `> INT_MAX` instead of `< 0` because the signedness of `optlen` is different here. Signed-off-by: Jann Horn --- net/compat.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/compat.c b/net/compat.c index 959d1c51826d..3d348198004f 100644 --- a/net/compat.c +++ b/net/compat.c @@ -388,8 +388,12 @@ static int __compat_sys_setsockopt(int fd, int level, int optname, char __user *optval, unsigned int optlen) { int err; - struct socket *sock = sockfd_lookup(fd, &err); + struct socket *sock; + + if (optlen > INT_MAX) + return -EINVAL; + sock = sockfd_lookup(fd, &err); if (sock) { err = security_socket_setsockopt(sock, level, optname); if (err) {