Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2531053lqp; Mon, 25 Mar 2024 01:21:06 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWt4RQmtdsIrPO1KQrn2uoJ7JPljAqgjNVN43jwblzJE6fMkxV+6oD211uk2C0VNquu13CdzgOKeV5cR9EblWqIciHG5o0HLxoNovxTLg== X-Google-Smtp-Source: AGHT+IEcTELYGfWOv4ShRMeePt5XC2kQujs6pka+rK79JZ34H/N50n4JZpuecqqDxYhg+2fgW+Gm X-Received: by 2002:a17:90a:a08e:b0:29f:f619:7c2f with SMTP id r14-20020a17090aa08e00b0029ff6197c2fmr3982323pjp.27.1711354866642; Mon, 25 Mar 2024 01:21:06 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711354866; cv=pass; d=google.com; s=arc-20160816; b=tx6P9GXXD0s2p15urzygvgpeGdsQFJZrn76Ijaek/rr5Oy4onae3oMN6OgVSJQ97CO 9g1jRllfs4VSev9maVw0+IASkvJQ0/xjdxjkeaWrXlfXFZ5SodMh8WjQH/bFwcp37DBx 3fX57SBMeW0lmWDKL86DtWh2A/yvjyYgHX9dXDHsHBSCwDz2hfXuzgc0dBzzF/Zer5lT HH2Uyt1VwKrYAvfa/IuCPTDulzYg9yrWbFKutdGwwywc2q04FWOO1LguS3/twdpjDNLY Cl+peysqrJCAnM+tfPgjLq52SFZfOJ5fPCw1aqMatY/ITNEFEB8Cu7/oTHQhVNhnfIKM Dqxw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=rI2SnA32smBH6pyjA3N6HJSPbaoT78NTkBGhjHhIQSQ=; fh=dgo3dL5Ngz52VJMGt6UDJJnqNktK2XCNXvZPbHFVsmM=; b=tY0rKtyv9usBcCBLl40mesA1zpNx1UuZxPzMGViJTYsLhmh6j1mn4pSbyYu+rWPt1L XQ5sjJx6mhBrMBXzo+464DlJ2TWuQAUjL8ZHb0S1aDmy3ui0YBJMIHciRo5Mk6GeQxhj qQeJjq07g+WI00QM1mcng/s0+uhPMbBXTR6OozNbUq4LGUHoa751ZdlzP2WXGIHEcjZj z8mzgi2OMEo0alQdR1FgFPmiTPjUaAiYeUjrZetZHZ2GiG+HN2ZVq3rBbtjMRKcguBfX 8R7cq666orfuDaKQq4pnmd3YsmZvkP3B75DSnUyf49bfnInHpyEg+KomstQ/VAW+XTTD JNsw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WebdqqqQ; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-116046-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-116046-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id w1-20020a17090a6b8100b002a0440dcab0si5446598pjj.171.2024.03.25.01.21.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 01:21:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-116046-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WebdqqqQ; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-116046-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-116046-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 3AFF52971C1 for ; Mon, 25 Mar 2024 08:21:06 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5B4AC2745D1; Mon, 25 Mar 2024 03:28:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WebdqqqQ" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 893001769E7; Sun, 24 Mar 2024 23:37:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711323446; cv=none; b=nBGs2X43px6XRFhxyIr5I0KcynGenQGfyl2eX02hAeXecEqgaRMMoWB2FxHwFY+0QnW0T+4Kfu+S1FxopGeq6ryZpt61pEFKcfVTGdwOwJOantFTZzEjhE6D3On1YAzgMZwhSARk6Jn8LkYWi8W0tg0MhWtWs/GEIQg8eVQAV58= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711323446; c=relaxed/simple; bh=SsSv/d1AqjxdLmdNQv7XU4Xc7XOK/CXqj/W6WILv7OE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dV9yBkZFn6wKSDdy/A9gtyZxsKe4ifuznXnnGN260D8xTaaHeMwevEjHSPVG9EqvqdevpKJNabcpEVqOC1tHfox7fw2tUrgtFQwJKmH00xdpXxgNfgyydFZANNDaYFtJ6Qd4FdjzoxqvYaVDjowhnGeerCRCVEZvtnPt9BLFu/I= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WebdqqqQ; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id C76E1C43390; Sun, 24 Mar 2024 23:37:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711323445; bh=SsSv/d1AqjxdLmdNQv7XU4Xc7XOK/CXqj/W6WILv7OE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WebdqqqQ6OsXiCq1CbtaOBYyWHtvOZ32L6c9TC8FSoWjSOYHMJz/gWa8cu5/ZySNM IvMylsB0oU4N4PdP1P74dhAf4qXPymMekjfdhHYgLJNeoB83NtEk2u+6o2LFzoCKfu iA6wT+qS2GnevJ4Yth6Y7xy7n2QmeHX2Q4fOq0s7ADNU5VWdHhMUxn8jY/mQmmpOVc s2Nd0QAWBUFF9XGqpWhuI+qQDZkXVaFogScxhNKMOX10y2xJOXxpN+qjwmV7rdAg1M n74lidck4xmpAR/zd/bUSMhWJk/lkygHF97JgVOUr01K0v6smXkeHDxSlFCJy4v4vZ RYGy6+1hmiY7g== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , "David S . Miller" , Sasha Levin Subject: [PATCH 5.15 148/317] ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function Date: Sun, 24 Mar 2024 19:32:08 -0400 Message-ID: <20240324233458.1352854-149-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324233458.1352854-1-sashal@kernel.org> References: <20240324233458.1352854-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 5c3be3e0eb44b7f978bb6cbb20ad956adb93f736 ] The 'olr' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'olr' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Gavrilov Ilia Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/ipv4/ipmr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index eb3c09340aef8..c9a633559258c 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c @@ -1574,9 +1574,11 @@ int ip_mroute_getsockopt(struct sock *sk, int optname, sockptr_t optval, if (copy_from_sockptr(&olr, optlen, sizeof(int))) return -EFAULT; - olr = min_t(unsigned int, olr, sizeof(int)); if (olr < 0) return -EINVAL; + + olr = min_t(unsigned int, olr, sizeof(int)); + if (copy_to_sockptr(optlen, &olr, sizeof(int))) return -EFAULT; if (copy_to_sockptr(optval, &val, olr)) -- 2.43.0