Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2543089lqp; Mon, 25 Mar 2024 01:55:18 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVXC7mBsw2eTH0RM/vyR9Yn9Gq42lCqlUD1hQS5fGa8FPgSqdgzbWCs7Yx01GsFwfAtJEqSftr0qakTBN0RCjcEh5wNHnCUB3jWz+z+HQ== X-Google-Smtp-Source: AGHT+IG5D77FYSDQ03QAJW6MhL6wWIohHzKHVCInWlKlIlB1OiPtJ03Qj99aWJk7JkBKTqctK6KH X-Received: by 2002:a25:ab6a:0:b0:dc7:43aa:5c0b with SMTP id u97-20020a25ab6a000000b00dc743aa5c0bmr4410540ybi.21.1711356918022; Mon, 25 Mar 2024 01:55:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711356918; cv=pass; d=google.com; s=arc-20160816; b=a0C69ngWc17qLciILJgPxTsYhrfUx3d05XmpzDCeY0tPgq50AZZXaVZgffBpfDTIgW peZKD2lKo0gujCzHBLdOVsfJK+fNHXECMZ1omYmnf/adkv/whEyYZdgT3ktBz+sSuGxD iAwo4j/6G9LUZC5/HzxQ3BTEQHP+BhIvgaMKDnYZ/Ut2LUMx6l0br7Xqni2xnmlUVn2k qBPM6EgAkFE0+ammbtnbmHgJia8EUgGnyzxFvL3FEmurbvQGsSW1ndI+uoe1SowAM4zn qr5hnk9NNvp4gHdoCtlwDc7MC0vvQCzaZz8fuXWYB39hNqS7VIQmnYQfLeDq1xZq75CW WIOg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=MTcANzypEGVtnxRSjT5FThGGOZrtQcxC5adA1tcVJeQ=; fh=dgo3dL5Ngz52VJMGt6UDJJnqNktK2XCNXvZPbHFVsmM=; b=EzAHKz+wnzncJ1MkH5rDg6YTq1gGQsGNrtVqzWOY8bSYfLCW80UOlV+wGSQTEg2VrV IIarfuREH0dT7BSWLnZ3B5pRogklx3sb4aNgx2XwlTKTVXOmuJXyYE23lZ7CEuVbiTi8 +u0WBDjQ3dmIx6RRC2eTOi1cII/nhGpALAAucaicay3QgiuQenZPnsSWg+DRm/y/EUDe KBIixmfcD89sxYK8qfKqZw1u/OPHyiAJWpZaeJOVBVBu+tZFjHjXJBix4qh3HVh+B5xZ kAi/mLSOfnCw5eGLM5NYjzTxprJoGkPEBt3nBSXRhdqITTtgbwpKN4cq6SAo91ghObnp 1P3A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=HDq70iqd; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-115939-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-115939-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id f1-20020a05622a104100b0043157f2ceefsi1525453qte.688.2024.03.25.01.55.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 01:55:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-115939-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=HDq70iqd; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-115939-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-115939-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id BA2CF1C304E2 for ; Mon, 25 Mar 2024 08:55:17 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6D1FD38E717; Mon, 25 Mar 2024 03:04:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="HDq70iqd" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2266B22AB83; Sun, 24 Mar 2024 23:15:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711322152; cv=none; b=kqytF4+xFaqCPx2UkXJhmfXL7UyWk2LXHXd/63MkCc8ewLUgsIphhfFwBCHZ6df0yoivxHvrJyl879YlcBNaj3tN4zmDL4bftH62IKZ3x6hhU7CukrFyCHqjbJpKy1vhQGOKdrtMX3s0zSf3x75E3G4wKyxGIYzAHZPH/lvqmE4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711322152; c=relaxed/simple; bh=6x6msOVMKp0/WxQjJkJWGJR+nmYrvvXpeCfppaZ6xwM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XsGx8dAU22LDXfbXGnj6N7O40TcBoYhbqcuVBrwYqz3rqJd1rbnjBXywej5ZmjfwpPZ2O4eU9RREJ7N++aYiogCeqRg2d4BOky5r7uRcwCkE+U6hD5DkVggSL82CyDE83iK4MKDkUNhPmdSn7Pz9QN1bNW9wl3gi+2Gk15U5Q0c= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=HDq70iqd; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6136AC43390; Sun, 24 Mar 2024 23:15:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711322151; bh=6x6msOVMKp0/WxQjJkJWGJR+nmYrvvXpeCfppaZ6xwM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HDq70iqdpfyRZR32Gz23/3RlhFT8vBohO4Rtaq/VyKVzHAB1oodNCThzH9ZP+HTTS MRuiLvEBYpxw4BMREV8NQHwl5/4MjbEtM2E+U7SHLaiRX/nIrJ6l6hgxNmDC4l4uzC Gt9Jhy+jDuZxu71O/efHO3ap3jXfzKbhZLGf26SxPlRQU41eL7Y+KUKvJE6l1cAo20 1rIuqaaXDYHTH9OYbEOjGxQBslOppIiF5noIeeS1+ckcZHpzaGUQGNeKFSDuDwBXD8 Xp0nwn/8quglNrv8BUtp4krAqfnaBahK5Th+lc0ERBEqaDhTk0I+bsLkkWEwFPuzUJ biWMH/lJIa89w== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , "David S . Miller" , Sasha Levin Subject: [PATCH 6.1 228/451] net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function Date: Sun, 24 Mar 2024 19:08:24 -0400 Message-ID: <20240324231207.1351418-229-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324231207.1351418-1-sashal@kernel.org> References: <20240324231207.1351418-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 3ed5f415133f9b7518fbe55ba9ae9a3f5e700929 ] The 'len' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'len' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") Signed-off-by: Gavrilov Ilia Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/kcm/kcmsock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c index 65845c59c0655..7d37bf4334d26 100644 --- a/net/kcm/kcmsock.c +++ b/net/kcm/kcmsock.c @@ -1274,10 +1274,11 @@ static int kcm_getsockopt(struct socket *sock, int level, int optname, if (get_user(len, optlen)) return -EFAULT; - len = min_t(unsigned int, len, sizeof(int)); if (len < 0) return -EINVAL; + len = min_t(unsigned int, len, sizeof(int)); + switch (optname) { case KCM_RECV_DISABLE: val = kcm->rx_disabled; -- 2.43.0