From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , Jason Xing , "David S . Miller" , Sasha Levin Subject: [PATCH 5.15 144/317] tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function Date: Sun, 24 Mar 2024 19:32:04 -0400 Message-ID: <20240324233458.1352854-145-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324233458.1352854-1-sashal@kernel.org> References: <20240324233458.1352854-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 716edc9706deb3bb2ff56e2eeb83559cea8f22db ] The 'len' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'len' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Gavrilov Ilia Reviewed-by: Jason Xing Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/ipv4/tcp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 626cef75afe7a..521c15962c719 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -3965,11 +3965,11 @@ static int do_tcp_getsockopt(struct sock *sk, int level, if (get_user(len, optlen)) return -EFAULT; - len = min_t(unsigned int, len, sizeof(int)); - if (len < 0) return -EINVAL; + len = min_t(unsigned int, len, sizeof(int)); + switch (optname) { case TCP_MAXSEG: val = tp->mss_cache; -- 2.43.0
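
Review bot: In the do_tcp_getsockopt() hunk, the 'if (len < 0)' test is only meaningful while it runs before the 'min_t(unsigned int, len, sizeof(int))' clamp, and nothing in the code records that ordering requirement. A one-line comment above the check, saying that 'len' must be validated as a signed int before it is clamped, would keep a later cleanup from moving the clamp back up and turning the test into dead code again. The commit message could also state the user-visible effect: before this change a negative value read from 'optlen' was cast to unsigned int, lost the minimum to sizeof(int), and the call went ahead with len equal to sizeof(int); it now returns -EINVAL. That behaviour change is worth spelling out for a stable backport.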