From: Jann Horn <jannh@google.com>
Date: Wed, 20 Feb 2019 21:34:54 +0000 (+0100)
Subject: net: socket: add check for negative optlen in compat setsockopt
X-Git-Tag: v5.15~6953^2~15
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=52baf9878b65872a7fc735d7fae3350ea9f30646;p=platform%2Fkernel%2Flinux-starfive.git

net: socket: add check for negative optlen in compat setsockopt

__sys_setsockopt() already checks for `optlen < 0`. Add an equivalent check
to the compat path for robustness. This has to be `> INT_MAX` instead of
`< 0` because the signedness of `optlen` is different here.

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/compat.c b/net/compat.c
index 959d1c5..3d34819 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -388,8 +388,12 @@ static int __compat_sys_setsockopt(int fd, int level, int optname,
 				   char __user *optval, unsigned int optlen)
 {
 	int err;
-	struct socket *sock = sockfd_lookup(fd, &err);
+	struct socket *sock;
+
+	if (optlen > INT_MAX)
+		return -EINVAL;
 
+	sock = sockfd_lookup(fd, &err);
 	if (sock) {
 		err = security_socket_setsockopt(sock, level, optname);
 		if (err) {