Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2380137lqp; Sun, 24 Mar 2024 16:50:33 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUnKMpIEGmdZYz3EZT63yzAMntImLGP8hdU56+CaD9JQDvVw9Lsip1xMkUd82On9nmpgdR2t3bQ2cCJrfJ40ZjJZZCb9biM+Br/urPHUg== X-Google-Smtp-Source: AGHT+IFQEDsum6b2SpgJ4M00FocnnBU1CXG/a0RH6UyScIdbaR2Nu/nlDzx03si2U1yMwG1zE4QF X-Received: by 2002:a17:906:d81:b0:a46:a9ad:837c with SMTP id m1-20020a1709060d8100b00a46a9ad837cmr3137860eji.49.1711324233596; Sun, 24 Mar 2024 16:50:33 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711324233; cv=pass; d=google.com; s=arc-20160816; b=ENY+tj+eXr+q0tNxZ8q6852Ac03RUBeQ0km4W7+1h5mn9KyH0SnfFI/Mx131rdVL8n /GR7oj/2aWLYkEozAUU8Mq587KGm2tYrGY+fzdsa+ut1lC+kz2fyLeiKRhGrtkcQA8qn SjQdAtFaGT6tIjXTU5p54IXkA8nTwc9Da/smxNaJOQ8uWBs2vGRcKjE9r3wwkPZhSIwW qCzBrkIxhyFS9gYxsohlbA9ESop3tNFvisHOM84P5P3p7y+JEFMgn1GQ7Ne7+z20Jc4S mizBlNrem4Ih6envu9JnvP/SGS5FQigI0LrzBfAlPWbvCxuiKsVkis2EXUzMoLkyF0gu kO5Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=NhcmkmJMo4cf31YDw0TEfirBOKE+FIiIFukT0nXLtm0=; fh=3rysoXM2rdN9BGDZv0rDH1QSB0DsyZhdDh+wL2wqffI=; b=MkBtFWe74F1RTF4E75kv73uv5khOnzVeaMpjlNBYi5BjKnd7aRxhfhbGnfXfhDOIQS qM/2kQsMI/10JVMkRYfLw5cthHfW06uA1Y3D6vuNpmEZtrPVQG3eKfwuoCDuQ5ylt4KT qWgpnXuwt8OQPRG6dcmSFNcRj+0un6h87E+qbBcbGGsQaTSvtA7UiVYbKUHLfGa3ma64 +Pz4kjJPLneyahEeuyAcm/7DXdhRRu2fYW/uuLKiO+LNHzh0h0B06egrl9xCSkyi3EDj /dP0QfHuD2cAk3L7MdrFhTAJlnBCb3xnJVfwyFK5XIMY6MEruK8KU/DfTzlRfAmzIUWS cGqA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=BIsuMVlb; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id m6-20020a1709060d8600b00a46d5a817bfsi2116008eji.259.2024.03.24.16.50.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 24 Mar 2024 16:50:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=BIsuMVlb; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 4E8531F21F49 for ; Sun, 24 Mar 2024 23:50:33 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3727613C912; Sun, 24 Mar 2024 22:40:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="BIsuMVlb" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 420F713C8F5; Sun, 24 Mar 2024 22:40:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320032; cv=none; b=sSMusVqOdOD8Vzn124Klozuh4WLTUeXyMmCBubngLuHKqbM0gXT9QuOlBucYzw1eykUROTlB6JIn2EZ1RutwUQTvN0h8Byp9eAvgCTVLEglwM7+nkYqyF990/RIjj3DGCmUqARGPjusGVByG7ha85L9o5jsuLlxom01Q2yiN9yU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320032; c=relaxed/simple; bh=v11nOk9WMIawSUi2NTo75pwxYN0u6dGKGLF3hwTXg3Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ap7KWONVedc79ot0sZoK6k5x6DKX+z5RzM0d/CxBhYeQOD9iarbwXQDLITXxXwEZACc75lIKX/iFsh0EiPkLdGRghof7IiZg6a2935uUVMYWWhxl0k8QSRj2+V9DPMbWU+jVvNwc83PANg4PJ/EEhK1mQSMalCzPNZ2pcK72XYE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=BIsuMVlb; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 64445C433F1; Sun, 24 Mar 2024 22:40:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711320032; bh=v11nOk9WMIawSUi2NTo75pwxYN0u6dGKGLF3hwTXg3Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BIsuMVlbn1Aiwegm+OIcEYxJdF/7wmujE2o3DNQbrlOYWvq8OdfZrqHV8ka4wyFiV 46ax869zvQsZ9dW0exGO+u7rbA+wr4AH3rzpj4p6wmkxRCzN1vw1jyL+EibYZnCE+d q+7k8hnH2T+Pm54UP1b2RQ5nndq5QitODKCFBdhNEBM7qrYwVxOFiF62Zuy5Dp0B5I /H1pCH4L0uphIRmpMaGpWVjUFA80JmYFFD45NR2RSsyZTfyVwB8bd42tARIYWCm/2U ZkHEV207zoWG0Vyt8vrqTycr3AcY0Q0D43TV3co60oz14pRAclifiO03JJDqkSjb87 W7rX7PQf+uUxw== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , Willem de Bruijn , "David S . Miller" , Sasha Levin Subject: [PATCH 6.8 340/715] udp: fix incorrect parameter validation in the udp_lib_getsockopt() function Date: Sun, 24 Mar 2024 18:28:39 -0400 Message-ID: <20240324223455.1342824-341-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324223455.1342824-1-sashal@kernel.org> References: <20240324223455.1342824-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 4bb3ba7b74fceec6f558745b25a43c6521cf5506 ] The 'len' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'len' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reviewed-by: Willem de Bruijn Signed-off-by: Gavrilov Ilia Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/ipv4/udp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index e474b201900f9..17231c0f88302 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -2792,11 +2792,11 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname, if (get_user(len, optlen)) return -EFAULT; - len = min_t(unsigned int, len, sizeof(int)); - if (len < 0) return -EINVAL; + len = min_t(unsigned int, len, sizeof(int)); + switch (optname) { case UDP_CORK: val = udp_test_bit(CORK, sk); -- 2.43.0