summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJann Horn <jannh@google.com>2019-02-21 00:34:54 +0300
committerDavid S. Miller <davem@davemloft.net>2019-02-22 22:49:28 +0300
commit52baf9878b65872a7fc735d7fae3350ea9f30646 (patch)
tree4cf2045a11e399b9fc4a6930be848a3554c7d752
parentf5b51fe804ec2a6edce0f8f6b11ea57283f5857b (diff)
downloadlinux-52baf9878b65872a7fc735d7fae3350ea9f30646.tar.xz
net: socket: add check for negative optlen in compat setsockopt
__sys_setsockopt() already checks for `optlen < 0`. Add an equivalent check to the compat path for robustness. This has to be `> INT_MAX` instead of `< 0` because the signedness of `optlen` is different here. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/compat.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/net/compat.c b/net/compat.c
index 959d1c51826d..3d348198004f 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -388,8 +388,12 @@ static int __compat_sys_setsockopt(int fd, int level, int optname,
char __user *optval, unsigned int optlen)
{
int err;
- struct socket *sock = sockfd_lookup(fd, &err);
+ struct socket *sock;
+
+ if (optlen > INT_MAX)
+ return -EINVAL;
+ sock = sockfd_lookup(fd, &err);
if (sock) {
err = security_socket_setsockopt(sock, level, optname);
if (err) {