net: socket: add check for negative optlen in compat setsockopt [Linux 5.0]

net: socket: add check for negative optlen in compat setsockopt [Linux 5.0]

This Linux kernel change "net: socket: add check for negative optlen in compat setsockopt" is included in the Linux 5.0 release. This change is authored by Jann Horn <jannh [at] google.com> on Wed Feb 20 22:34:54 2019 +0100. The commit for this change in Linux stable tree is 52baf98 (patch).

net: socket: add check for negative optlen in compat setsockopt

__sys_setsockopt() already checks for `optlen < 0`. Add an equivalent check
to the compat path for robustness. This has to be `> INT_MAX` instead of
`< 0` because the signedness of `optlen` is different here.

Signed-off-by: Jann Horn <[email protected]>
Signed-off-by: David S. Miller <[email protected]>

There are 6 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 net/compat.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/compat.c b/net/compat.c
index 959d1c5..3d34819 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -388,8 +388,12 @@ static int __compat_sys_setsockopt(int fd, int level, int optname,
                   char __user *optval, unsigned int optlen)
 {
    int err;
-   struct socket *sock = sockfd_lookup(fd, &err);
+   struct socket *sock;
+
+   if (optlen > INT_MAX)
+       return -EINVAL;

+   sock = sockfd_lookup(fd, &err);
    if (sock) {
        err = security_socket_setsockopt(sock, level, optname);
        if (err) {

Leave a Reply

Your email address will not be published. Required fields are marked *