[PATCH net-next] tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function

From: Gavrilov Ilia
Date: Wed Mar 06 2024 - 05:13:16 EST

Next message: Baolin Wang: "[PATCH v2 0/3] make the hugetlb migration strategy consistent"
Previous message: Tetsuo Handa: "Re: [PATCH v2] x86: disable non-instrumented version of copy_mc when KMSAN is enabled"
Next in thread: Paolo Abeni: "Re: [PATCH net-next] tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The 'len' variable can't be negative because all 'min_t' parameters
cast to unsigned int, and then the minimum one is chosen.

To fix it, move the if statement higher.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Gavrilov Ilia <Ilia.Gavrilov@xxxxxxxxxxx>
---
net/ipv4/tcp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index c82dc42f57c6..a4f418592314 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4010,11 +4010,11 @@ int do_tcp_getsockopt(struct sock *sk, int level,
if (copy_from_sockptr(&len, optlen, sizeof(int)))
return -EFAULT;

- len = min_t(unsigned int, len, sizeof(int));
-
if (len < 0)
return -EINVAL;

+ len = min_t(unsigned int, len, sizeof(int));
+
switch (optname) {
case TCP_MAXSEG:
val = tp->mss_cache;
--
2.39.2

Next message: Baolin Wang: "[PATCH v2 0/3] make the hugetlb migration strategy consistent"
Previous message: Tetsuo Handa: "Re: [PATCH v2] x86: disable non-instrumented version of copy_mc when KMSAN is enabled"
Next in thread: Paolo Abeni: "Re: [PATCH net-next] tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]