From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 3.18 23/24] sctp: make use of pre-calculated len
Date: Fri, 2 Mar 2018 09:51:20 +0100 [thread overview]
Message-ID: <20180302084240.266696799@linuxfoundation.org> (raw)
In-Reply-To: <20180302084239.157503766@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
[ Upstream commit c76f97c99ae6d26d14c7f0e50e074382bfbc9f98 ]
Some sockopt handling functions were calculating the length of the
buffer to be written to userspace and then calculating it again when
actually writing the buffer, which could lead to some write not using
an up-to-date length.
This patch updates such places to just make use of the len variable.
Also, replace some sizeof(type) to sizeof(var).
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sctp/socket.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4458,7 +4458,7 @@ static int sctp_getsockopt_autoclose(str
len = sizeof(int);
if (put_user(len, optlen))
return -EFAULT;
- if (copy_to_user(optval, &sctp_sk(sk)->autoclose, sizeof(int)))
+ if (copy_to_user(optval, &sctp_sk(sk)->autoclose, len))
return -EFAULT;
return 0;
}
@@ -5035,6 +5035,9 @@ copy_getaddrs:
err = -EFAULT;
goto out;
}
+ /* XXX: We should have accounted for sizeof(struct sctp_getaddrs) too,
+ * but we can't change it anymore.
+ */
if (put_user(bytes_copied, optlen))
err = -EFAULT;
out:
@@ -5471,7 +5474,7 @@ static int sctp_getsockopt_maxseg(struct
params.assoc_id = 0;
} else if (len >= sizeof(struct sctp_assoc_value)) {
len = sizeof(struct sctp_assoc_value);
- if (copy_from_user(¶ms, optval, sizeof(params)))
+ if (copy_from_user(¶ms, optval, len))
return -EFAULT;
} else
return -EINVAL;
@@ -5635,7 +5638,9 @@ static int sctp_getsockopt_active_key(st
if (len < sizeof(struct sctp_authkeyid))
return -EINVAL;
- if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid)))
+
+ len = sizeof(struct sctp_authkeyid);
+ if (copy_from_user(&val, optval, len))
return -EFAULT;
asoc = sctp_id2assoc(sk, val.scact_assoc_id);
@@ -5647,7 +5652,6 @@ static int sctp_getsockopt_active_key(st
else
val.scact_keynumber = ep->active_key_id;
- len = sizeof(struct sctp_authkeyid);
if (put_user(len, optlen))
return -EFAULT;
if (copy_to_user(optval, &val, len))
@@ -5673,7 +5677,7 @@ static int sctp_getsockopt_peer_auth_chu
if (len < sizeof(struct sctp_authchunks))
return -EINVAL;
- if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks)))
+ if (copy_from_user(&val, optval, sizeof(val)))
return -EFAULT;
to = p->gauth_chunks;
@@ -5718,7 +5722,7 @@ static int sctp_getsockopt_local_auth_ch
if (len < sizeof(struct sctp_authchunks))
return -EINVAL;
- if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks)))
+ if (copy_from_user(&val, optval, sizeof(val)))
return -EFAULT;
to = p->gauth_chunks;
next prev parent reply other threads:[~2018-03-02 8:53 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-02 8:50 [PATCH 3.18 00/24] 3.18.98-stable review Greg Kroah-Hartman
2018-03-02 8:50 ` [PATCH 3.18 01/24] ipv6: Skip XFRM lookup if dst_entry in socket cache is valid Greg Kroah-Hartman
2018-03-02 8:50 ` [PATCH 3.18 02/24] hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 03/24] mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 04/24] ipv6: icmp6: Allow icmp messages to be looped back Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 05/24] sget(): handle failures of register_shrinker() Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 06/24] spi: atmel: fixed spin_lock usage inside atmel_spi_remove Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 07/24] net: arc_emac: fix arc_emac_rx() error paths Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 08/24] scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 09/24] tg3: Add workaround to restrict 5762 MRRS to 2048 Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 10/24] tg3: Enable PHY reset in MTU change path for 5720 Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 11/24] bnx2x: Improve reliability in case of nested PCI errors Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 12/24] led: core: Fix brightness setting when setting delay_off=0 Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 13/24] s390/dasd: fix wrongly assigned configuration data Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 14/24] xfs: quota: fix missed destroy of qi_tree_lock Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 15/24] xfs: quota: check result of register_shrinker() Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 16/24] e1000: fix disabling already-disabled warning Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 18/24] xen-netfront: enable device after manual module load Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 19/24] mdio-sun4i: Fix a memory leak Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 20/24] SolutionEngine771x: fix Ether platform data Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 21/24] xen/gntdev: Fix off-by-one error when unmapping with holes Greg Kroah-Hartman
2018-03-02 8:51 ` [PATCH 3.18 22/24] xen/gntdev: Fix partial gntdev_mmap() cleanup Greg Kroah-Hartman
2018-03-02 8:51 ` Greg Kroah-Hartman [this message]
2018-03-02 8:51 ` [PATCH 3.18 24/24] net: gianfar_ptp: move set_fipers() to spinlock protecting area Greg Kroah-Hartman
2018-03-02 17:33 ` [PATCH 3.18 00/24] 3.18.98-stable review Guenter Roeck
[not found] ` <CALpmF+Ess8+k+N0q6YyVEUL+YmM5m1rS2ORs9xyR=sZoYXTwHA@mail.gmail.com>
2018-03-02 18:53 ` Greg Kroah-Hartman
2018-03-02 21:31 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180302084240.266696799@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alexander.levin@microsoft.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=marcelo.leitner@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).