From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL for 4.9 51/52] sctp: make use of pre-calculated len
Date: Sat, 3 Feb 2018 18:04:01 +0000
Message-ID: <20180203180303.8490-51-alexander.levin@microsoft.com>
In-Reply-To: <20180203180303.8490-1-alexander.levin@microsoft.com>
From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>

[ Upstream commit c76f97c99ae6d26d14c7f0e50e074382bfbc9f98 ]

Some sockopt handling functions were calculating the length of the
buffer to be written to userspace and then calculating it again when
actually writing the buffer, which could lead to some write not using
an up-to-date length.

This patch updates such places to just make use of the len variable.
Also, replace some sizeof(type) to sizeof(var).

Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
net/sctp/socket.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index c472b8391dde..019e3b27a061 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4756,7 +4756,7 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
len = sizeof(int);
if (put_user(len, optlen))
return -EFAULT;
- if (copy_to_user(optval, &sctp_sk(sk)->autoclose, sizeof(int)))
+ if (copy_to_user(optval, &sctp_sk(sk)->autoclose, len))
return -EFAULT;
return 0;
}
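Review bot: the context line `len = sizeof(int);` above the changed copy still sizes by type, so the new `copy_to_user(optval, &sctp_sk(sk)->autoclose, len)` is only correct while the autoclose field stays int-sized. Since the commit message says it is moving from sizeof(type) to sizeof(var), consider `len = sizeof(sctp_sk(sk)->autoclose);` so that the length reported through optlen and the length copied both follow the field.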
@@ -5333,6 +5333,9 @@ copy_getaddrs:
err = -EFAULT;
goto out;
}
+ /* XXX: We should have accounted for sizeof(struct sctp_getaddrs) too,
+ * but we can't change it anymore.
+ */
if (put_user(bytes_copied, optlen))
err = -EFAULT;
out:
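Review bot: the added XXX comment before `put_user(bytes_copied, optlen)` does not say why the value cannot be changed, and the commit message does not mention this hunk at all. State in the comment that the length written back through optlen leaves out sizeof(struct sctp_getaddrs), and give the reason it has to stay that way (presumably that existing userspace depends on the current value), so a later reader does not "fix" it.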
@@ -5769,7 +5772,7 @@ static int sctp_getsockopt_maxseg(struct sock *sk, int len,
params.assoc_id = 0;
} else if (len >= sizeof(struct sctp_assoc_value)) {
len = sizeof(struct sctp_assoc_value);
- if (copy_from_user(¶ms, optval, sizeof(params)))
+ if (copy_from_user(¶ms, optval, len))
return -EFAULT;
} else
return -EINVAL;
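Review bot: in the `len >= sizeof(struct sctp_assoc_value)` branch the copy size moves from `sizeof(params)` to a `len` that was set from the type name, which is the opposite direction from the sizeof(type) to sizeof(var) cleanup the commit message describes. The copy stays bounded by the destination only as long as params is a struct sctp_assoc_value, which this hunk does not show; writing `len = sizeof(params);` on the context line would keep the bound tied to the destination buffer while still using len in the copy.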
@@ -5938,7 +5941,9 @@ static int sctp_getsockopt_active_key(struct sock *sk, int len,
if (len < sizeof(struct sctp_authkeyid))
return -EINVAL;
- if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid)))
+
+ len = sizeof(struct sctp_authkeyid);
+ if (copy_from_user(&val, optval, len))
return -EFAULT;
asoc = sctp_id2assoc(sk, val.scact_assoc_id);
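Review bot: on the context line `if (len < sizeof(struct sctp_authkeyid))`, len is an int (see the function signature) compared against a size_t, so a negative len is converted to a large unsigned value and passes the check. Moving `len = sizeof(struct sctp_authkeyid);` ahead of copy_from_user means the copy uses a fixed size regardless, which is the safe outcome, but the lower-bound check alone does not reject negative lengths; confirm that the caller does, or note it in the commit message.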
@@ -5950,7 +5955,6 @@ static int sctp_getsockopt_active_key(struct sock *sk, int len,
else
val.scact_keynumber = ep->active_key_id;
- len = sizeof(struct sctp_authkeyid);
if (put_user(len, optlen))
return -EFAULT;
if (copy_to_user(optval, &val, len))
@@ -5976,7 +5980,7 @@ static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len,
if (len < sizeof(struct sctp_authchunks))
return -EINVAL;
- if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks)))
+ if (copy_from_user(&val, optval, sizeof(val)))
return -EFAULT;
to = p->gauth_chunks;
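Review bot: the copy now uses `sizeof(val)` but the guard on the context line still reads `len < sizeof(struct sctp_authchunks)`, so the check and the copy name the size in two different ways. Converting the guard to `sizeof(val)` in the same change would keep them from drifting apart; the same applies to sctp_getsockopt_local_auth_chunks in the next hunk. These two functions also do not use len for the copy at all, which the subject line does not make obvious.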
@@ -6021,7 +6025,7 @@ static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len,
if (len < sizeof(struct sctp_authchunks))
return -EINVAL;
- if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks)))
+ if (copy_from_user(&val, optval, sizeof(val)))
return -EFAULT;
to = p->gauth_chunks;
--
2.11.0