From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Gavrilov Ilia, Willem de Bruijn, "David S . Miller", Sasha Levin
Subject: [PATCH 6.1 227/451] udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
Date: Sun, 24 Mar 2024 19:08:23 -0400
Message-ID: <20240324231207.1351418-228-sashal@kernel.org>
In-Reply-To: <20240324231207.1351418-1-sashal@kernel.org>
References: <20240324231207.1351418-1-sashal@kernel.org>

From: Gavrilov Ilia

[ Upstream commit 4bb3ba7b74fceec6f558745b25a43c6521cf5506 ]

The 'len' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen.

To fix the logic, check 'len' as read from 'optlen', where the types of relevant variables are (signed) int.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Willem de Bruijn
Signed-off-by: Gavrilov Ilia
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin

--- net/ipv4/udp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 87d759bab0012..7856b7a3e0ee9 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -2790,11 +2790,11 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname, if (get_user(len, optlen)) return -EFAULT; - len = min_t(unsigned int, len, sizeof(int)); - if (len < 0) return -EINVAL; + len = min_t(unsigned int, len, sizeof(int)); + switch (optname) { case UDP_CORK: val = udp_test_bit(CORK, sk); -- 2.43.0
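
Review bot: The changelog should state the caller-visible effect of moving `if (len < 0)` above the min_t() clamp in udp_lib_getsockopt(): a negative value read from optlen was previously clamped to sizeof(int) and the call went on to the switch, and it now returns -EINVAL. For a stable backport that is a behaviour change userspace can observe, so one sentence saying so, and ideally a selftest that passes a negative optlen, would make a later regression report easier to triage. The reordering itself looks right, since the check now runs on the signed value from get_user(len, optlen).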
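
The ordering problem the commit message describes, as an added user-space C example (not kernel code and not part of the patch). The min_t macro here is a simplified stand-in for the kernel's, and optlen_before, optlen_after and model_getsockopt are hypothetical names used only for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the kernel's min_t(): cast both sides, pick the smaller. */
#define min_t(type, a, b) ((type)(a) < (type)(b) ? (type)(a) : (type)(b))

/* Pre-patch order: clamp first, then test. The test can never fire. */
static int optlen_before(int len)
{
	len = min_t(unsigned int, len, sizeof(int));
	if (len < 0)
		return -EINVAL;
	return len;
}

/* Post-patch order: test the signed value read from optlen, then clamp. */
static int optlen_after(int len)
{
	if (len < 0)
		return -EINVAL;
	len = min_t(unsigned int, len, sizeof(int));
	return len;
}

/* Hypothetical model of the rest of the call: copy 'len' bytes of val out. */
static int model_getsockopt(int (*validate)(int), int optlen, int val,
			    unsigned char *out)
{
	int len = validate(optlen);

	if (len < 0)
		return len;
	memcpy(out, &val, (size_t)len);
	return len;	/* number of bytes written to the caller's buffer */
}

int main(void)
{
	const int samples[] = { -1, -2147483647 - 1, 0, 2, 4, 100 };	/* constructed */
	unsigned char buf[sizeof(int)];

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("optlen=%11d before=%3d after=%3d\n", samples[i],
		       model_getsockopt(optlen_before, samples[i], 1, buf),
		       model_getsockopt(optlen_after, samples[i], 1, buf));
	return 0;
}
```

With the old order a negative optlen is converted to a large unsigned value, loses the comparison against sizeof(int), and comes back as 4, so the model writes four bytes for a caller that passed an invalid length.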