[PATCH net-next] l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function

From: Gavrilov Ilia
Date: Wed Mar 06 2024 - 04:58:34 EST

Next message: WeitaoWang-oc@xxxxxxxxxxx: "Re: [PATCH v3] USB:UAS:return ENODEV when submit urbs fail with device not attached"
Previous message: Gavrilov Ilia: "[PATCH net-next] ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function"
Next in thread: Tom Parkin: "Re: [PATCH net-next] l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The 'len' variable can't be negative because all 'min_t' parameters
cast to unsigned int, and then the minimum one is chosen.

To fix it, move the if statement higher.

Fixes: 3557baabf280 ("[L2TP]: PPP over L2TP driver core")
Signed-off-by: Gavrilov Ilia <Ilia.Gavrilov@xxxxxxxxxxx>
---
net/l2tp/l2tp_ppp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index f011af6601c9..6146e4e67bbb 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -1356,11 +1356,11 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
if (get_user(len, optlen))
return -EFAULT;

- len = min_t(unsigned int, len, sizeof(int));
-
if (len < 0)
return -EINVAL;

+ len = min_t(unsigned int, len, sizeof(int));
+
err = -ENOTCONN;
if (!sk->sk_user_data)
goto end;
--
2.39.2

Next message: WeitaoWang-oc@xxxxxxxxxxx: "Re: [PATCH v3] USB:UAS:return ENODEV when submit urbs fail with device not attached"
Previous message: Gavrilov Ilia: "[PATCH net-next] ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function"
Next in thread: Tom Parkin: "Re: [PATCH net-next] l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]