netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS control message
@ 2013-02-27 19:43 Guenter Roeck
  2013-02-27 20:09 ` Neil Horman
  2013-02-27 20:33 ` David Miller
  0 siblings, 2 replies; 8+ messages in thread
From: Guenter Roeck @ 2013-02-27 19:43 UTC (permalink / raw)
  To: netdev
  Cc: linux-sctp, Vlad Yasevich, Sridhar Samudrala, Neil Horman,
	David S. Miller, Guenter Roeck

Building sctp may fail with:

In function ‘copy_from_user’,
    inlined from ‘sctp_getsockopt_assoc_stats’ at
    net/sctp/socket.c:5656:20:
arch/x86/include/asm/uaccess_32.h:211:26: error: call to
    ‘copy_from_user_overflow’ declared with attribute error: copy_from_user()
    buffer size is not provably correct

if built with W=1 due to a missing parameter size validation.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
---
 net/sctp/socket.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index cedd9bf..0a5f2bf 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5652,6 +5652,8 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len,
 	/* User must provide at least the assoc id */
 	if (len < sizeof(sctp_assoc_t))
 		return -EINVAL;
+	if (len > sizeof(struct sctp_assoc_stats))
+		len = sizeof(struct sctp_assoc_stats);
 
 	if (copy_from_user(&sas, optval, len))
 		return -EFAULT;
-- 
1.7.9.7

^ permalink raw reply related	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2013-02-27 20:58 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-02-27 19:43 [PATCH] net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS control message Guenter Roeck
2013-02-27 20:09 ` Neil Horman
2013-02-27 20:22   ` David Miller
2013-02-27 20:22   ` Guenter Roeck
2013-02-27 20:37     ` Vlad Yasevich
2013-02-27 20:43     ` Neil Horman
2013-02-27 20:33 ` David Miller
2013-02-27 20:58   ` Vlad Yasevich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).