Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933982Ab3CRVuv (ORCPT ); Mon, 18 Mar 2013 17:50:51 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:45687 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755766Ab3CRVHJ (ORCPT ); Mon, 18 Mar 2013 17:07:09 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Guenter Roeck , Vlad Yasevich , "David S. Miller" Subject: [ 56/75] net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS Date: Mon, 18 Mar 2013 14:07:19 -0700 Message-Id: <20130318210514.288751131@linuxfoundation.org> X-Mailer: git-send-email 1.8.1.2.434.g9a6c84e.dirty In-Reply-To: <20130318210510.203500214@linuxfoundation.org> References: <20130318210510.203500214@linuxfoundation.org> User-Agent: quilt/0.60-1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1824 Lines: 58 3.8-stable review patch. If anyone has any objections, please let me know. ------------------ From: Guenter Roeck commit 726bc6b092da4c093eb74d13c07184b18c1af0f1 upstream. Building sctp may fail with: In function ‘copy_from_user’, inlined from ‘sctp_getsockopt_assoc_stats’ at net/sctp/socket.c:5656:20: arch/x86/include/asm/uaccess_32.h:211:26: error: call to ‘copy_from_user_overflow’ declared with attribute error: copy_from_user() buffer size is not provably correct if built with W=1 due to a missing parameter size validation before the call to copy_from_user. Signed-off-by: Guenter Roeck Acked-by: Vlad Yasevich Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/sctp/socket.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -5653,6 +5653,9 @@ static int sctp_getsockopt_assoc_stats(s if (len < sizeof(sctp_assoc_t)) return -EINVAL; + /* Allow the struct to grow and fill in as much as possible */ + len = min_t(size_t, len, sizeof(sas)); + if (copy_from_user(&sas, optval, len)) return -EFAULT; @@ -5686,9 +5689,6 @@ static int sctp_getsockopt_assoc_stats(s /* Mark beginning of a new observation period */ asoc->stats.max_obs_rto = asoc->rto_min; - /* Allow the struct to grow and fill in as much as possible */ - len = min_t(size_t, len, sizeof(sas)); - if (put_user(len, optlen)) return -EFAULT; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/