Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2481307lqp; Sun, 24 Mar 2024 22:48:26 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVva+f9opjz4S7XzFamZytT+yLDlz/iukXO8/uPe1CEdM2AgE68DiqXvyUOSnnzORK1cRK1mUHcFKF8OFiDdKBxPXzmA566JglaZfQYxA== X-Google-Smtp-Source: AGHT+IGBmS5aY9CMfst4+SWdoXxNU/zs8iRXlWekRg+jEtu71ue4fgBlbmMZzrq55/3+6AyM9WZK X-Received: by 2002:a17:906:f892:b0:a44:7ad0:8069 with SMTP id lg18-20020a170906f89200b00a447ad08069mr3916544ejb.72.1711345706298; Sun, 24 Mar 2024 22:48:26 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711345706; cv=pass; d=google.com; s=arc-20160816; b=Rhj+70rELw8ioKYiA/94TUKcb4MzsF7JZW5Czz5b+PFa30cdJhLEooQPNana2+JdWL EiMYMX4XNePacdTDoP/52aWZwy7rkLHJ0qIA7WX2cKnOjIak48qOS+wj2gIqsj/S287F Y8LZ2A5RdzcdFPLQrsFYxQ0H3irJ1hj39OQOkBMpH068lgmlwjFlTwRNlRE0sQpkoenm z7wFcSy3OTIXpHrPKK92cBF0ZIEcsLqZB/oXjrZhw2bsy8KgW/zRwgUDclECnx7p5kwp hJHD563mtmuDcp1+0hTkK/9qu8dcBc7h1Byq3FkuigTrD+7UjiiDtmRYEuONOzM22zI+ +AQw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=iDwrbKuVqk49wmiJjTfBdVC6dxX7VzChy9oB5YTYhRQ=; fh=dgo3dL5Ngz52VJMGt6UDJJnqNktK2XCNXvZPbHFVsmM=; b=BV3RhRTgM+TYzPhge2dIqcgxIT6HQlH2BmH0bGG4ivzrxvmM1km8Y2zc5BQLeIt5+m bUjwMKGNaMyq7CSN4ZcQeQRUC3zaOh+vZuZDUafq7RKr+/06XGAH/Js0RgBgQuVwRSG+ QJUPfryZnfUthkQIZVUqqrrifXjt5zyixIG+0Zvqpv9Xh094gBQnOYnOVAqT+cVoGDg3 7u6AOCBPI6k/kFWWcSCme6WV736C/ck2lYMO/iRw5yZ73+Jfcp1xWa9a/eHG7dfV5Oe/ P1C9fiCVZTdXjw9JuIpr8al6qfxBx7/6jG1fUVsJ+dMoQqwSo2tzUkFqF5S8skzUak/1 NueQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Noh4FoI7; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-113796-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113796-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id f16-20020a17090631d000b00a471122add5si2115159ejf.644.2024.03.24.22.48.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 24 Mar 2024 22:48:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-113796-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Noh4FoI7; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-113796-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113796-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 103B61F33474 for ; Mon, 25 Mar 2024 05:22:53 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 53B801F9C0C; Sun, 24 Mar 2024 23:01:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Noh4FoI7" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AEC7B1DA179; Sun, 24 Mar 2024 22:53:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320815; cv=none; b=qbegBNJWloyEkrtJ+KgkAN7EXCvrEIKGeA7R4201rmM7gnnYqTLx95TtAcerrkE5Tig6P+vVFPsu7bHPDdCA8+ibQlOYe+Vr/cBYRUhq6B8725DQkMs87aecHMLEFp4yNcX7+cRoguinK3fl9SCyL4aMW1xjU6GH3lAAYT0rIDY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320815; c=relaxed/simple; bh=FkpSNpSlpycCmcF3vPsdKNwVZjnMaXFcSIOgP4WTv0Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cs53/wyDAq1UygpnXtpe+tIwpJ5E8o39fLTrHqCPR1d94knUnIJqqR5p0ma2ixjIQQWmn/vK0na0IGaYhIbHauNIsUxkbAjGuljZKpDyzW3DJMEMSOBVVDb9nDkH4Ju8qSnyGVkIv2lkRhSPrj5TpeUcd/CE/0IuDp7byUclYhs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Noh4FoI7; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id F0B80C433F1; Sun, 24 Mar 2024 22:53:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711320814; bh=FkpSNpSlpycCmcF3vPsdKNwVZjnMaXFcSIOgP4WTv0Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Noh4FoI7Uotl4LBilO2RLK/zF8zJKxpDdZ2WRDOROfUZQR2q2RstffbWYSJvwyeFz dBgLeh6N+hwXFY2qJEnveyoTS6dqQNeZL81QQZmoCrpa6DVdLx7bw67qrB0x0PeJZY 5XYTB9NkbhELrDEGdJFOaUBj/puVMQzFwkOsanAtmRYr06whEJKEpSAV/iJRkb626Z MICZyxaMAKVNPhdbfA+gtylgxNP8e/Frili6LMqMCextsWLH9imwySNZSmpQWD2jiV RzaAKPQ8ny9So92uCqEDTqudp+zCpl3P47B0wQx9XjkNMYLK/WqOAwvBWcxk52yBZ1 WRw4dmfcHifZA== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , "David S . Miller" , Sasha Levin Subject: [PATCH 6.7 379/713] ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function Date: Sun, 24 Mar 2024 18:41:45 -0400 Message-ID: <20240324224720.1345309-380-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324224720.1345309-1-sashal@kernel.org> References: <20240324224720.1345309-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 5c3be3e0eb44b7f978bb6cbb20ad956adb93f736 ] The 'olr' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'olr' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Gavrilov Ilia Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/ipv4/ipmr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index e49242706b5f5..66eade3fb629f 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c @@ -1603,9 +1603,11 @@ int ip_mroute_getsockopt(struct sock *sk, int optname, sockptr_t optval, if (copy_from_sockptr(&olr, optlen, sizeof(int))) return -EFAULT; - olr = min_t(unsigned int, olr, sizeof(int)); if (olr < 0) return -EINVAL; + + olr = min_t(unsigned int, olr, sizeof(int)); + if (copy_to_sockptr(optlen, &olr, sizeof(int))) return -EFAULT; if (copy_to_sockptr(optval, &val, olr)) -- 2.43.0