Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2380188lqp; Sun, 24 Mar 2024 16:50:44 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXDDi7gKo65gp2xhl5BhnGpNMtMF7t41VDUdEeHeYELxvk450BzD0WDRJd2DNAUEz0t5or7UxeIhbyTkuKod3ljxLBgJ0x8+0f3kQGXEg== X-Google-Smtp-Source: AGHT+IGtC0QWikIYCmWOBdzbD/lbgDJEvh0CRfAz3IGEWXhRoq7jODy11JRhds43gHdqx9QgHs1n X-Received: by 2002:ac8:5ac1:0:b0:431:57e:d205 with SMTP id d1-20020ac85ac1000000b00431057ed205mr7044042qtd.58.1711324244223; Sun, 24 Mar 2024 16:50:44 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711324244; cv=pass; d=google.com; s=arc-20160816; b=V6PLtR94D6IQJRzvEzjgmEzqtmbWFaZmj9ndSppBzEJb1fFqehdaXSUb6RsKR0cwwS NbGeohFwHJk1ItZ6b7W4iRe8oB0pqCjD6Lg+1taN9btKlEY8vQYUBEvpPMaKzoP0XEzN zSCD4wqLYOou/O1E1iVpUtk73/VaNRccRrvlkou9zi0gDaCrc01fE41MrrohVeyUc9uB Dn9ZQ6xWDUbrwgsGcsfv5xx20whGvASbgz0gubrs7BbdhQvqXH7sQRmPCSIqv6V2bQXw fVPj7WlpKA6Li8AmXt/SOMOsVEQMmUo0pM9O39SyTGIaNM2F7r96mOJOyXffTxiuZZjB uDtA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=GszZbgoa2v4D66qBQ1o4xEXirv+K6z85HwLAdss29nU=; fh=dgo3dL5Ngz52VJMGt6UDJJnqNktK2XCNXvZPbHFVsmM=; b=YUKHy29+UrSUHferFQo0LO2/VSYrXCAKT2Ll1D2jBEZkoyrbUze/iLqjo3dlf58WdQ 7ywpcRk+W4tefiz6YGda2A+rYAOAzLWd5PIR/x377AvtnQnatPh0c0eFV3+HB3xtRT8a 9L+EmKekVUNNfhHWALnl4GevNHlbySI/T35Uz+P4QWXaTOuCU72jTg1DrJqmTZoBQ8VY T0Vt5sdPqjeT6H+WCLFZ6WPYUOAfn/GwCIveEvuhLLdEvzzlBb0jiVFMoXeeEHqS4WaT GcycxLWJAtc8geyjDAgIdcRTTcaQsfAbiIpWZlGqVaDqlXa6+UUOjHRjjuRalSHgeRKg Kcvg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Fp1jWJ8W; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-113232-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113232-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id w4-20020a05622a134400b004311b078a77si4453046qtk.58.2024.03.24.16.50.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 24 Mar 2024 16:50:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-113232-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Fp1jWJ8W; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-113232-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113232-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id EA3021C229E7 for ; Sun, 24 Mar 2024 23:50:43 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 0A3C3183B89; Sun, 24 Mar 2024 22:40:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Fp1jWJ8W" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1E69013C911; Sun, 24 Mar 2024 22:40:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320033; cv=none; b=kcLOGeE2ceIknPdlSST2XQNUmJjxY3DtI53Se12b2olEsgblnpIoAGJB6Hnjsor1MGfMFvhwrPiho2bdWi/m+uTcA1HvyvR0NyAUgsIUa1duAChrVdgSJzSPPooen4e0FkgHdyk+NUG4Kuyqi0OPkKqb8C8++hDc3bxbc3IBe4g= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320033; c=relaxed/simple; bh=KEnJYE7iFGmp2/B2QX8PVoBww/lPOvrAXRR2IkS82Ls=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hNp6DNTTxDIftg5/Ibz+9XXpHEeFYsM6mQGMBpM5IOoCcq3zYYvrFfITmzp5zvjE1v8dZyNY5a5oWPe+6BoN9xnviXpuPiyni32KfhVfgBixb4wKBdMkTQ0VucdOv+f0UnQEmbCe/0LRP7icdCbswyrs4AzoVTDCAScbzamN5ZI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Fp1jWJ8W; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6002EC433C7; Sun, 24 Mar 2024 22:40:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711320033; bh=KEnJYE7iFGmp2/B2QX8PVoBww/lPOvrAXRR2IkS82Ls=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Fp1jWJ8W5X34j5sdTgMUPr/iCSiupe9ekZKv4hrTNY3HC9e4sspiKeyCR1mryceJ7 SBuX8ReIGtmhcmUtFqXYsViKGixlCNSKGbdiCdqsYwycZIJSAX0IgxwxR9aiRxv+E9 wzJeGH1emxpQLHCb3ziNfH5z4tWRSgxVTotBlvLZtnyIBNxp8l/DfUg6U5Iq3wxpvj iUSlSF9RMJb6qioC0L8oaWGNgwU0nqxuyJ72MStRUkZ2GQknRoXXhYtOtVwBQCWUEm yMyEPQ3iqJ9GTbTw3bXC8vbdxH97jvJTIVMCPagAcht8cvYE1h2lNVNqliwU6LY7pm eeVusImKeVsww== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , "David S . Miller" , Sasha Levin Subject: [PATCH 6.8 341/715] net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function Date: Sun, 24 Mar 2024 18:28:40 -0400 Message-ID: <20240324223455.1342824-342-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324223455.1342824-1-sashal@kernel.org> References: <20240324223455.1342824-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 3ed5f415133f9b7518fbe55ba9ae9a3f5e700929 ] The 'len' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'len' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") Signed-off-by: Gavrilov Ilia Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/kcm/kcmsock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c index 1184d40167b86..eda933c097926 100644 --- a/net/kcm/kcmsock.c +++ b/net/kcm/kcmsock.c @@ -1152,10 +1152,11 @@ static int kcm_getsockopt(struct socket *sock, int level, int optname, if (get_user(len, optlen)) return -EFAULT; - len = min_t(unsigned int, len, sizeof(int)); if (len < 0) return -EINVAL; + len = min_t(unsigned int, len, sizeof(int)); + switch (optname) { case KCM_RECV_DISABLE: val = kcm->rx_disabled; -- 2.43.0