Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2536359lqp; Mon, 25 Mar 2024 01:34:53 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVBkJAwtEwsPITDMVMsgnEe18ZtxAbXK+yi//VTyvXe5JZU1jcM7szY6G7Z5Jbtws2zprbAlVdY4FvVwywfMeLnPYutZcs0g/CBujL3Xw== X-Google-Smtp-Source: AGHT+IHS4eaojB0XZZjbONIoQc4hwYbS962Z/cr/+3pvctRRHMrBDstaPAjJUj4yHmKOYWRPwZlI X-Received: by 2002:ac8:5d86:0:b0:430:bbe5:ca08 with SMTP id d6-20020ac85d86000000b00430bbe5ca08mr7746000qtx.61.1711355693151; Mon, 25 Mar 2024 01:34:53 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711355693; cv=pass; d=google.com; s=arc-20160816; b=q00558WqJDeSztA3Ua7YXbJuvBjM3d/Ee4Nad5Vv15xHZxdE8TjAjaUI0xSatSRWB/ f4fVJfMutWOIeSvBQV3hZXmiWHADAsBaxPMIorD//HwQgRfKUeR1RFeRHVnAsU3RZxAr YnxpwpQqNp/LmOvbU6kLdAX9H8o/NPTNoKs3xm4V3af3BUYSgJjMDwNaNFv9NnlhpZ7Y X987hYhlqodjvy3Qc9eEv3+T3fdkGn2JNtlpEZJizJrdzDOh1ksP1wbgUGH3LrVtP85c qnBo/SuDSyC2KDI0VzVHgwBweixVILPkvplVlWwHfwL8IjeECjSXqzKqM8tgY1SHRGxu NWXQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=2Vx5MuPK7uL3eUvA38Js2sdeP9hGa/l1VyoHgatJhwg=; fh=3rysoXM2rdN9BGDZv0rDH1QSB0DsyZhdDh+wL2wqffI=; b=qCzb59hiJ8NttMzZWetyA+i47QNVB9Tl/2+Y15+7wMduYYXygqr2GYFCBQa69Rlu+c bdZ2cnXiGZTAiSHO6/IVmP1J8mYMp3LObIHCByeDmyw3mwfQTd3McAF2IhKgzasXH9LD i3sPX5qGVw7TkYyJI1fWaxcJiTSyprG7ST0MJiNq9a4NIGf6ZUw+JjxffI2pvuKAyk26 BEF4FtBqChXhO6YuUof1Oei1N5QjZs7sNu6cn9yErlgNNysG/OvcxoyejdE075bs0K/X 3267H5XcpfSO3hyfE8sD4JFNBcAf7IABNjDk75oWXwLs7qltz8L3kid96Z124zEBZOjI Sg3Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rb6ORpPB; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-116163-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-116163-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id r6-20020a05622a034600b004315b0bb5e5si1141315qtw.315.2024.03.25.01.34.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 01:34:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-116163-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=rb6ORpPB; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-116163-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-116163-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id D8E111C2FAF8 for ; Mon, 25 Mar 2024 08:34:52 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1961E3B4826; Mon, 25 Mar 2024 03:32:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rb6ORpPB" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 92D6C5C60D; Sun, 24 Mar 2024 23:42:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711323733; cv=none; b=eoFK6VvNHuV0bx/FH50xWqR59zGTQMlzvX14FoRNtSWszgmJE15beEQUmsHplhcXyW5n/hMRcqWRrTBrD3I4qyqiNV6MSbgkvNtKulMTk82fe1kXysKWY4SVoRPuQuPRsOMqShBznfUybf8g9YWe11yA/c6QQt3zTnRWMiCXMQs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711323733; c=relaxed/simple; bh=D5Tipd9xo1HJm1VvdgmJe7YzPbbv3V3wVv5yCSQb65w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=S51/1H+9G5yB3N8GrQ8/2JxpuEHrO45h9iBkh9MvijlW02HxH8VqlrHfW3rYH1bDQFptgZ68DerqoNv/w0EmAUW9p9pnLnKTerkMGhjCNwlIbgpYsLJzJsvwcnX7b7T0S5yh2IHZP/N4bq095JGpBxB+wnZZGenDsviiBq3LgU8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rb6ORpPB; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id BD306C43394; Sun, 24 Mar 2024 23:42:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711323733; bh=D5Tipd9xo1HJm1VvdgmJe7YzPbbv3V3wVv5yCSQb65w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rb6ORpPBrYBfVyHCAcEtCooZxITYGErnNCJUewKWpEezSHlOZbcIXcETSyGFxqnSe //XL+v1X81ItP/SwNRtZIg/AE5ILzLGuhUAq9reL9t4wUqPFwt0WYIhlJEe2dX0z43 odf5B9FcV0nSu63s45/0FH+SZrLGA1PyX1my8HdqP86/84GX0TsjO703DpnPwu9TZn +pCZXM8ed63lRslwshqU3za9uBa1WRFI3HCHB6kRq8U0hRgKQEz+Iu0ufqx1B2pBMi irYF3ZJds/uVZpaHD+9zEBdlyNRY/q+BaFiMPta4eUUHfwUc+Jk7Fuy97El/vW1Oqn Ox7kDaVkmS7pw== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , Willem de Bruijn , "David S . Miller" , Sasha Levin Subject: [PATCH 5.10 107/238] udp: fix incorrect parameter validation in the udp_lib_getsockopt() function Date: Sun, 24 Mar 2024 19:38:15 -0400 Message-ID: <20240324234027.1354210-108-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324234027.1354210-1-sashal@kernel.org> References: <20240324234027.1354210-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 4bb3ba7b74fceec6f558745b25a43c6521cf5506 ] The 'len' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'len' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reviewed-by: Willem de Bruijn Signed-off-by: Gavrilov Ilia Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/ipv4/udp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 476f79f1563a8..b2541c7d7c87f 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -2748,11 +2748,11 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname, if (get_user(len, optlen)) return -EFAULT; - len = min_t(unsigned int, len, sizeof(int)); - if (len < 0) return -EINVAL; + len = min_t(unsigned int, len, sizeof(int)); + switch (optname) { case UDP_CORK: val = READ_ONCE(up->corkflag); -- 2.43.0