From nobody Fri Dec 19 20:13:07 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C324A294483; Sun, 24 Mar 2024 23:51:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711324281; cv=none; b=KDyPowbw8ix1lQknDczHYjGlq4QLRSauiH4KXded7zdlj+mfe9cNLNK5Vt6GEMNjEOkLUkc1SPEO+fb6antYOA91gu6XYteFopzLmbYES3DIEA17xQnk7jl/klVfGWUIeeC2roLETjkqWVvZIg6AGF/iGsKFRmU5I3kz5XSwRDk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711324281; c=relaxed/simple; bh=/4z3zV4j4Wj0YNPYCHyF512kgVBeggTd4PFDIWxIE2k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RaQq9NPw7ItjtOthr2ZGjLG1nwRJJxwZ8eOtUa6jpks6x6t2phOVtj7wLtY0WcgZwwzKKq/gR/hWpp7J1WD6DeuaDHJLQSq8I6dhg1x9CN6t+Ch8AcT4hmvwp7gsN16Fbox87Qlyljf1/Y8FsAzguIrvyYKy0RVxBWoYB+nub1s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=HxFjuEF1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="HxFjuEF1" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 39BD9C433C7; Sun, 24 Mar 2024 23:51:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711324281; bh=/4z3zV4j4Wj0YNPYCHyF512kgVBeggTd4PFDIWxIE2k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HxFjuEF1nWozwZ3CLDboeaZBYAuHicxBXSC0SU54tOBNIKgx+nmzD4rs6Q+XDzvEe XghJtcWaIILPu1zqRIoP+fqKGKogTtax5wSdV1VL07cVaN0z4R3NowVer3oJpCsckm dCz0J+TYFX7ZdN/vk5jSdl0ZuDiF958ySGrX+KWKkr3yZi0ZADYgSq5OGaupibsB7d Lz9A5iegZobkHhkue4vqVu2X32Wgb8FH20lA74tGZtKlzd3N+44J9e2k4oClZyL2Gk X4Eco53e4R4FZL69THs47yptl/3Ky+XyruJomburz1LxFHciwWeVKpJ11rE2uwRmEV CJEPceOLzD8rA== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Gavrilov Ilia , Jason Xing , "David S . Miller" , Sasha Levin Subject: [PATCH 4.19 058/148] tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function Date: Sun, 24 Mar 2024 19:48:42 -0400 Message-ID: <20240324235012.1356413-59-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324235012.1356413-1-sashal@kernel.org> References: <20240324235012.1356413-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Gavrilov Ilia [ Upstream commit 716edc9706deb3bb2ff56e2eeb83559cea8f22db ] The 'len' variable can't be negative when assigned the result of 'min_t' because all 'min_t' parameters are cast to unsigned int, and then the minimum one is chosen. To fix the logic, check 'len' as read from 'optlen', where the types of relevant variables are (signed) int. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Gavrilov Ilia Reviewed-by: Jason Xing Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/ipv4/tcp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 712186336997b..3df973d22295c 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -3369,11 +3369,11 @@ static int do_tcp_getsockopt(struct sock *sk, int l= evel, if (get_user(len, optlen)) return -EFAULT; =20 - len =3D min_t(unsigned int, len, sizeof(int)); - if (len < 0) return -EINVAL; =20 + len =3D min_t(unsigned int, len, sizeof(int)); + switch (optname) { case TCP_MAXSEG: val =3D tp->mss_cache; --=20 2.43.0