Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2542775lqp; Mon, 25 Mar 2024 01:54:15 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX6RCpRxJRguhCNxERl4GiVtaQ1CFRDfRTBuzAzklCXlytGvTT0IWMs4Z9Vu8z3eKqOoTH2G6xJ2Z3jGGAkcXMCAl2EhJTuFEJo8oMfTQ== X-Google-Smtp-Source: AGHT+IFo9kX4611rIBYYxx0GpUyauNjHPTIM5PMKeEgTDcogY6W8QZTkGjKauJUAUrMZHmg/Ihyz X-Received: by 2002:a05:6358:98a4:b0:17f:565c:8dad with SMTP id q36-20020a05635898a400b0017f565c8dadmr6763008rwa.24.1711356855099; Mon, 25 Mar 2024 01:54:15 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711356855; cv=pass; d=google.com; s=arc-20160816; b=p9YM3EFgkN9VDytqisyAMIbHDLTpek9F5ByXqvVqWWRoifzc+3XPsFFxKGO5AlxLxv YW6YOXUaaoEKwqZN7K2p7M52meBUtD0o2Oi3klRx9en9Dhaw1dF//v1nCXMciTYXccTc VakRydoNH6i6vErF+lNJBm44FzJisnFc+HK6iJy31GkDgEMeMOsFXx562gEMfB9nZ2Fx EPKHO/HhjwxfibjNzVqiP1VnpZSpDer3k1XTc5sVckiTTptNvXIRiI7/Jlas0atiG8jj m+JE6mDeI/zYI5TQmiVMfcZCH1cTHPkalbJoYQKk9c/AO6+LUa/Fbx3QyjlhL6MI8CWy hCtg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=EolixsaLQ3FTdPwneU773SQ2twWe2D36WzLsRcoNYXQ=; fh=dgo3dL5Ngz52VJMGt6UDJJnqNktK2XCNXvZPbHFVsmM=; b=IG/zgiNzQ4hs/Q9psvbgR5B/O6wF8JWoJoUx6kLu3g2dSNlegOnftto7PThZilqhMt nIkk5YAoT+DmCp6Wg8UyPfQcZSNoGt50jvhUngQfOkJhdpDlSMzOdYAA+k14+gRnc1bj l+uopuDq4ydQm8JxAiC1U4HJ5VutiU460R2bn+Wm1o3zvkopjF6KJ0+pWJKO6pX4PL3p I2B6rqq1A8rhN/pTGbYcVtmTmofk4rC0dE8xm4X2PIc9CUd1+GcHEIPe9K1Lew4YxbyQ jCgJtwgX1T+JwtOAi0KDJP3A2O0m7p459v1x+W9yo9Nz1KMSPgXUI/ODwpDKNYn1/qvW ukgg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="QjdtJ/Yq"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-116052-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-116052-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id o3-20020a634103000000b005dcbbbdb1c0si6963940pga.437.2024.03.25.01.54.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 01:54:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-116052-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="QjdtJ/Yq"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-116052-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-116052-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id C5390B3400D for ; Mon, 25 Mar 2024 08:21:52 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C09CD2779C7; Mon, 25 Mar 2024 03:28:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="QjdtJ/Yq" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 694D027898A; Sun, 24 Mar 2024 23:37:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711323448; cv=none; b=u1SmfKzyXwLE+RZL62GUbfrjBaoHRw8CUuAT9H+/vzwrzqpEmLk7f8N+pqzSH53VEAvqQLdQT4K9H8qRE6lo6wIKkEe5fpXtyWxLnzitsMwV4wH0Z+Tuv19Nk5loG9KdOBaqYxrnKME7RQZ0Zh1H5I10zU/yYOt1ABowuLSnn2U= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711323448; c=relaxed/simple; bh=O1ttdYRd31tN3Bf5moUZC9unMWcanh8NkZgXi6l8KEM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cWOSjU5Ij0EUjXpH6y8Y+bt60Eiio0pWiwpU6JOtn2+E+qj/ZMMkpEekZpNXi0AqYE7OAvvmGtS6L4noHryy8ZlmlaxBd0HoMoMdMucQIexZ+OtGNnjQIjAJs3qUbYRFMzDY3plCXDSyq6hnL1vJYc9+YTAKJRQRavC/HxXHB9s= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=QjdtJ/Yq; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id A3BFEC433F1; Sun, 24 Mar 2024 23:37:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711323448; bh=O1ttdYRd31tN3Bf5moUZC9unMWcanh8NkZgXi6l8KEM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QjdtJ/YqoJicYxdqfENfPMgUuDE6LRw70R9HFirT+NaQz2oB36kZQ4Tx5uvgTQ8rx LtMYPsPreo2/sLKIIYSMZeQ1mL+yqCheSIFoLPKr0WK2WZNmv0aUoyVXE0rGdhq+hl Bq2i0n/83EedccdQmRYRDKrwjuyZt+FaKc70cNPSZtt5bxFUSszCgFquMPYwz/djRY qj2B9nGbnVmoBQjUKhLcmibIY55aiQnelW/RbV2TENCUoQJmU9/1hvABnvDzxoztak czmVXptA3y3kfc05tGBGIfbhFfx7S/JOrSEkM67ZPHWEWA6qLUjg7A/CkPyOG1KiXT 1h6EqLxQ5t5Pg== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , "David S . Miller" , Sasha Levin Subject: [PATCH 5.15 151/317] net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function Date: Sun, 24 Mar 2024 19:32:11 -0400 Message-ID: <20240324233458.1352854-152-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324233458.1352854-1-sashal@kernel.org> References: <20240324233458.1352854-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 3ed5f415133f9b7518fbe55ba9ae9a3f5e700929 ] The 'len' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'len' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") Signed-off-by: Gavrilov Ilia Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/kcm/kcmsock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c index 0d1ab4149553c..5457ca1909801 100644 --- a/net/kcm/kcmsock.c +++ b/net/kcm/kcmsock.c @@ -1275,10 +1275,11 @@ static int kcm_getsockopt(struct socket *sock, int level, int optname, if (get_user(len, optlen)) return -EFAULT; - len = min_t(unsigned int, len, sizeof(int)); if (len < 0) return -EINVAL; + len = min_t(unsigned int, len, sizeof(int)); + switch (optname) { case KCM_RECV_DISABLE: val = kcm->rx_disabled; -- 2.43.0