From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , Jason Xing , "David S . Miller" , Sasha Levin Subject: [PATCH 5.10 100/238] tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function Date: Sun, 24 Mar 2024 19:38:08 -0400 Message-ID: <20240324234027.1354210-101-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324234027.1354210-1-sashal@kernel.org> References: <20240324234027.1354210-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 716edc9706deb3bb2ff56e2eeb83559cea8f22db ] The 'len' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'len' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Gavrilov Ilia Reviewed-by: Jason Xing Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/ipv4/tcp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index a5c15e2d193f6..2e874ec859715 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -3742,11 +3742,11 @@ static int do_tcp_getsockopt(struct sock *sk, int level, if (get_user(len, optlen)) return -EFAULT; - len = min_t(unsigned int, len, sizeof(int)); - if (len < 0) return -EINVAL; + len = min_t(unsigned int, len, sizeof(int)); + switch (optname) { case TCP_MAXSEG: val = tp->mss_cache; -- 2.43.0
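Review bot: the `if (len < 0)` check in do_tcp_getsockopt() is now only correct because it runs before the `min_t(unsigned int, len, sizeof(int))` clamp, and nothing in the code records that ordering requirement. A one-line comment above the check, saying that it must precede the unsigned clamp, would keep a later cleanup from swapping the two statements back. With the old order, a negative `len` read from `optlen` was converted to a large unsigned value and clamped to sizeof(int), so the -EINVAL return was unreachable. Callers that pass a negative optlen therefore see a behaviour change (an -EINVAL error instead of a 4-byte copy), and the commit message would be clearer if it stated that effect explicitly.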