Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2379989lqp; Sun, 24 Mar 2024 16:50:02 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU0BSo7gVSo0jHLVSpJP4UQEUl9xNPX+eL7ktixEKPan442LPiybR5HDGXoO5t5Jex/3Cy4Tbc1HAI5V5kYVcqSs72Hckt1iiARU522gw== X-Google-Smtp-Source: AGHT+IHC2cdCNH6pwurwbEtmIqjEG2Ih0w/ubYr9l055nkanD3V3tKl7bvQBfCAVdQr2LA89O3JM X-Received: by 2002:a05:6808:bcf:b0:3c3:d269:5728 with SMTP id o15-20020a0568080bcf00b003c3d2695728mr215868oik.28.1711324202354; Sun, 24 Mar 2024 16:50:02 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711324202; cv=pass; d=google.com; s=arc-20160816; b=p8YngKuctZ3ixhfOuk2B8qODQ7VCGCJjyo9m8B4frW73Vu0awgJCIok3GLUSt/ix+u OUirDNSZ09AETKyRIpPC0hrk1JC8aid+bwi+uXK7qfbAQa1qf5ctocxcg3PkYlEFyxC3 lnkg2S7ycCO96jlKtuPT3P+7RxAORVlV4i5ak8n8uw24djAO89hPo5XwqzMpqUVkGuEA ntxX4HnfwQ62oySX8iSwXAWtVwGxtWoba67ReDV6UXIl9J5vcmV9rYl3DJFs8Fo6wjD5 4nwSpETJ45vm5daXzaP5sdKyGzS616zfxu42Hm4PjyHWomft2eIn+p5v+VXwhPxfGMkh AgqQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=/RFr6hn5qYw7FR4xBCYi/NVeWcVhVtivL24ZeBNRmBg=; fh=Md7EcTWe18BFLXa/NFjTdAq1RnNmcXYsjSXnwSOO/TQ=; b=q710yuaM3H8If5SRLz0hq93oHCcxOjBcURESahXjbkCEPkssoR7OO65e2LItZ56JeC cZ6LLXyfmNiBOqAxxic8Yt5ze9Byboh3FueOhQ/4mtrkgYII5E4jFu0vyr4wIIl7sYtE uRPIdK0jjcdXlx31/7PRvwnzIVt3U6bP4AaXSKFjBbTfrKtshdaImBV91mAeT03YboY2 BMILYnJ5mv/jTIcbXRSgkqAfKtRujabG2fvlgZrroGQ58KW9BL8hx3wQOFy39TCcfMTG LVK5PWqt8WshJSh/C/nPRpjk7yuwcC4/5NXzw8J0jg8hy+UwAYdQAo1rlHDPrWoaUUCh Ttbw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rH64gniD; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-113228-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113228-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id n14-20020ac85a0e000000b004315b27cb0bsi586192qta.540.2024.03.24.16.50.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 24 Mar 2024 16:50:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-113228-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rH64gniD; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-113228-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113228-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 139691C22939 for ; Sun, 24 Mar 2024 23:50:02 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C7F7D17ADE7; Sun, 24 Mar 2024 22:40:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rH64gniD" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B113A17ADC2; Sun, 24 Mar 2024 22:40:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320029; cv=none; b=OZe/68Qpu4ZLSmxFOCP7wQmW5FaImpWL5j0KPVQFBdp85r8pmxvdhHmXWyCO4uWGwHJFJlX7a/FtKDuqI159/zyy7jaJ0fkgIvqzL1dYJRuDR0uIdOqQtVPWuG9PaohdzhurB9RQEaAQcYLF7brorADQVSXq7V9COt1XC9qeU+A= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320029; c=relaxed/simple; bh=srNq0NrXfKRCl3FfFu+LjLJpVTxyIDjYe4yjGKTjrvU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dTA/Lti5afQihANSdoUl4dMaMfvNuAr+uTq7mGLBBEFAB+TFkyMFBCMrLLsKp4/vzBi0u4fheEdFSXC3Et+eai3mdENNxo3ge7VwtuxqJqtQib3V2oWykEWTwjsIdnqTuyGAw44MQs33NgwCkgkS3/KDXOFw2EUWUy1SstmZ1Vw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rH64gniD; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 82FC6C433C7; Sun, 24 Mar 2024 22:40:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711320029; bh=srNq0NrXfKRCl3FfFu+LjLJpVTxyIDjYe4yjGKTjrvU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rH64gniDb6gKQtyQtf2OROLNX4XmVHSLmlsGPCqjgNzIkv2p+ICpjg0MZ6UjRdqfo Ko63O0rtWhtRIfY+PxLgm5U94E+YJv0HXs2U3A+4SgckDePS3oNwgl0sftVfG3FjJ+ msZL/e9A9L3fUXzpXGMq3ZJq2sWCS6W7td6l6zgReN5BBD9Mx+zy2WD6gbZL/nvu/I zT7hdzYXcipO8a/jak8ZfcrhXLS/EC0e7fGhElfCAgcGAk0/Yfbrnjil2gcgISVMmU lorv1mv7JgP0JI1sVOuwn9BOuxAFaAAW4/09NnVOqe4o5nOSMpWGmHsRA2/Kjyaad1 7ScjrtnL5STHQ== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , Jason Xing , "David S . Miller" , Sasha Levin Subject: [PATCH 6.8 337/715] tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function Date: Sun, 24 Mar 2024 18:28:36 -0400 Message-ID: <20240324223455.1342824-338-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324223455.1342824-1-sashal@kernel.org> References: <20240324223455.1342824-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 716edc9706deb3bb2ff56e2eeb83559cea8f22db ] The 'len' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'len' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Gavrilov Ilia Reviewed-by: Jason Xing Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/ipv4/tcp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index c82dc42f57c65..a4f4185923144 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4010,11 +4010,11 @@ int do_tcp_getsockopt(struct sock *sk, int level, if (copy_from_sockptr(&len, optlen, sizeof(int))) return -EFAULT; - len = min_t(unsigned int, len, sizeof(int)); - if (len < 0) return -EINVAL; + len = min_t(unsigned int, len, sizeof(int)); + switch (optname) { case TCP_MAXSEG: val = tp->mss_cache; -- 2.43.0