diff options
author | Jann Horn <jannh@google.com> | 2019-02-21 00:34:54 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-02-22 22:49:28 +0300 |
commit | 52baf9878b65872a7fc735d7fae3350ea9f30646 (patch) | |
tree | 4cf2045a11e399b9fc4a6930be848a3554c7d752 | |
parent | f5b51fe804ec2a6edce0f8f6b11ea57283f5857b (diff) | |
download | linux-52baf9878b65872a7fc735d7fae3350ea9f30646.tar.xz |
net: socket: add check for negative optlen in compat setsockopt
__sys_setsockopt() already checks for `optlen < 0`. Add an equivalent check
to the compat path for robustness. This has to be `> INT_MAX` instead of
`< 0` because the signedness of `optlen` is different here.
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/compat.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/net/compat.c b/net/compat.c index 959d1c51826d..3d348198004f 100644 --- a/net/compat.c +++ b/net/compat.c @@ -388,8 +388,12 @@ static int __compat_sys_setsockopt(int fd, int level, int optname, char __user *optval, unsigned int optlen) { int err; - struct socket *sock = sockfd_lookup(fd, &err); + struct socket *sock; + + if (optlen > INT_MAX) + return -EINVAL; + sock = sockfd_lookup(fd, &err); if (sock) { err = security_socket_setsockopt(sock, level, optname); if (err) { |