Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2578595lqp; Mon, 25 Mar 2024 03:20:08 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX5ZJEAWkHQuiyzlpUJ7rZ9R3xJSjqcwzsaD/7Z2/J7EMfiXxJxvNiVGNQqmSjUho9vMjwW/yfh7cYJ58FhtYz+skNMw7VqVutokVheKg== X-Google-Smtp-Source: AGHT+IE792SL4zOMCMOVEZXtDnHzYN2B6bSB1wtldaiupUlQ//HXIlIUAYMnx9uJu3By/zBhKszW X-Received: by 2002:a05:6122:1a98:b0:4d4:21cc:5f4f with SMTP id dy24-20020a0561221a9800b004d421cc5f4fmr2299889vkb.11.1711362007922; Mon, 25 Mar 2024 03:20:07 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711362007; cv=pass; d=google.com; s=arc-20160816; b=ljIWFq9PqLh6bTKd4IPpvJXOHgl/c6lltP4Urt6ogm36meFk0z7AlccqfmymMfLvm2 2GNAIw2JkuY6dPRr6aKG3KPGydeAx9IB7q3HCyffj2Gyrwc54nUgmx6QajNbocM+IiL5 sJqzyLs7Zzc5xMbYrYWpk5Smh1hDInapoC1zEg3Q2AbU3WmnbGYE2n8Vcs03jd4sTmhG 1ClQL7yZFuApLx7OMhMxdpOiSSCeMcwK1X2hIwBO5zhQ43QkOyflWlw1If8Q/PN9jkCg yEE1ZMd0pyQbmMyz3w6gDcY0SEFs4nyaovV0nQ6YWUKKuB23+K6NfbIvVVOwqkSeAKOb BugQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=5t6DaCky1F0EfQWvyQNbRUXSM5rLZvsCXvojJI8xSTU=; fh=dgo3dL5Ngz52VJMGt6UDJJnqNktK2XCNXvZPbHFVsmM=; b=D7kr7QPtWnqeMZ0HNRjuUWckYitqPknpyGX3BsNoNMGZelV/r9CKmPe1//1REU8mEF 66qXb3CzCa1aigMnYbPcDtD4FfA2xe6jUJmcCcHffmRoAka6NXx5g+hEq/j35X6p706l lD8yONxO0G54UKByDJTLJ3RWtI6hEYHfq6qXh8xvpQiK17BIdYWEaKL4DQUZCYqOHvMw uYswfwwzbB28nMlkMYVyJNUBjlfrgRR7+ZQ6gAM99fUHhAnVlnduxhPgNbauM2IHYMEe RAhf6nltkngv5WTerZTuZLCLGCFL/P4EwDKCDwOxCYYkXOMchmwh7+geAACJSrSe1Gmk 6gSA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RqygQOFO; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-116162-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-116162-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id u5-20020a0562141c0500b00690047b8128si7228021qvc.190.2024.03.25.03.20.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 03:20:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-116162-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RqygQOFO; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-116162-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-116162-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 9DE791C32CCC for ; Mon, 25 Mar 2024 10:20:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3DC033B4841; Mon, 25 Mar 2024 03:32:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="RqygQOFO" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E5A5D4502F; Sun, 24 Mar 2024 23:42:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711323732; cv=none; b=OiT8ee4EoHgkP8D1NXYRjsxCYprnmYupVeRdxaXnPzfApykRXcy34kLwlDqsyyuqAjJHFJ3Ax3YhrSLOixu/RxMPkTmNg728X2m66bZSF3NKLpyVV1b8wS40LscLxT+yFd9dcc+PfrDPkstUrjWNyKt4cDE97hMkM4HE8BHDzPI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711323732; c=relaxed/simple; bh=v2Qyu6q2veWbVwn5KD8cFkjNZD8lTAkqpln0vQw4LS0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JRM+Qdj6WnmrAeXikyfB2b3WxIXcXmyl3mStjW9cQEbfbADvTMwBqgnKgJmB/KXwoE7u5xB6cQ2dcBy+qFmr49u8zTPluMMHX62C4t0rsLHwgSKqltKvqkvE0MT4yrAjvpNDM0ycqy2eFRuOAn1T50VNU5no7qcI+CkXKXxW5p0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=RqygQOFO; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id DD915C43330; Sun, 24 Mar 2024 23:42:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711323731; bh=v2Qyu6q2veWbVwn5KD8cFkjNZD8lTAkqpln0vQw4LS0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RqygQOFOSIwsmWUGU9F95A9LXBTTGXe0XQ3NUXSOwCqMi+Y0LK3SxDmLxQuOsbK7n 6oJTQf0vl+WjtpQryOVVcOOsq45xljRtolBLOSzEATHzQctc2EsyXcy3eQ9wsam2oS 4/ygA+RJtOdJh6q3q0VwkDvjtqBYzpmrtTB/xr5C/0cjdJ8JKMqwUswplx8qX0ZrSJ gAlPlIUoJo0SYPr8STl4Rj5Ms/EXt3OYjDhKHXN/Aejp0nutGiXev1b3kgYcfhK0fV 8Ty8HPaRHjax/vtVXEzXf2HI+EDdb0D8yC7F8/ciKae3zdliXm1ZLsHmb9NsyYNcAi MMp+OG++b89GA== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , "David S . Miller" , Sasha Levin Subject: [PATCH 5.10 105/238] ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function Date: Sun, 24 Mar 2024 19:38:13 -0400 Message-ID: <20240324234027.1354210-106-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324234027.1354210-1-sashal@kernel.org> References: <20240324234027.1354210-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Gavrilov Ilia [ Upstream commit 5c3be3e0eb44b7f978bb6cbb20ad956adb93f736 ] The 'olr' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'olr' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Gavrilov Ilia Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/ipv4/ipmr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index cdc0a1781fd28..db184cb826b95 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c @@ -1574,9 +1574,11 @@ int ip_mroute_getsockopt(struct sock *sk, int optname, sockptr_t optval, if (copy_from_sockptr(&olr, optlen, sizeof(int))) return -EFAULT; - olr = min_t(unsigned int, olr, sizeof(int)); if (olr < 0) return -EINVAL; + + olr = min_t(unsigned int, olr, sizeof(int)); + if (copy_to_sockptr(optlen, &olr, sizeof(int))) return -EFAULT; if (copy_to_sockptr(optval, &val, olr)) -- 2.43.0