From patchwork Wed Mar 29 14:11:22 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Konovalov X-Patchwork-Id: 744812 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3vtV7P2cSwz9s2P for ; Thu, 30 Mar 2017 01:11:45 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="cQNWYSiz"; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932231AbdC2OLn (ORCPT ); Wed, 29 Mar 2017 10:11:43 -0400 Received: from mail-wr0-f174.google.com ([209.85.128.174]:33380 "EHLO mail-wr0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752148AbdC2OLk (ORCPT ); Wed, 29 Mar 2017 10:11:40 -0400 Received: by mail-wr0-f174.google.com with SMTP id w43so17224602wrb.0 for ; Wed, 29 Mar 2017 07:11:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :in-reply-to:references; bh=ALHWsJFM8I6SnRXuGrMd7EMy3x9oGeUA8oUT5KosM2I=; b=cQNWYSizDaUuAffKfAzNzX0XYQ8eycVR/O8rukbLPPYim39G1Kj14TEX1/0BMRipgK WnD6Y9lheWu0+ZrBM9GQlgGK62fRrmmtTvJdLcuMVjO3L9dbeGXiBeTmvhZjIis5/ema CXlEZVuazgOkV3lkpZOMm+XN5h5hyh0+/6lm2xwYC23WWcB/AjmFMwt/d+qjDJ0YVgk8 eonpd0AbxCCIyTmfXDYVU8YxUy8qRPrZbMQFC99TGBpUoN+ZOryxf0/rTnmek6IrcWAw n8gkxSLMkyQ6ntVqVvI5rHgVBmKQLW450SQOd/w2JNJjD+EuoS8zFy7qlF6wnfZiVdq2 ArWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=ALHWsJFM8I6SnRXuGrMd7EMy3x9oGeUA8oUT5KosM2I=; b=azvq7nM0OGQJAhYXrdDfkLhB71wtFC4OvPGu5WeLZFqAmeU5jSQVQCp/9A7JFGC5vL Fj9h1KtQp+odUxUeyUz3UKXBYMtWAQW28zimJDDLh6079w1XCsqX6jhRjtfsYxhCY/Ji eS1NzOim8ptBzISfLzzxNslc8DOcqgiNqipwV9uk6YbM7xD/YXmT5V64l4MP1ooMEyaK GRVFj53ZOZUZ2Hq2N3OEoa3cpdy1hucV3W+SUZDgaGGeqUKCMMElBA1IrNxlpNvLN/m9 rCJlvHmbOeUntEFsUSucHXqm/XTxCm2RCNrReax6tCqjASrU0BK3GI4+EAM7Y5efYIT0 wLlw== X-Gm-Message-State: AFeK/H2/PEA5rDPo/kh0BWorn+xcIYVn7cdNUb3afr53QdTal1AgmYWWF+7syW2m9k74LCf8 X-Received: by 10.223.160.27 with SMTP id k27mr689924wrk.106.1490796697536; Wed, 29 Mar 2017 07:11:37 -0700 (PDT) Received: from andreyknvl0.muc.corp.google.com ([100.105.12.17]) by smtp.gmail.com with ESMTPSA id q135sm8322894wmd.8.2017.03.29.07.11.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 29 Mar 2017 07:11:36 -0700 (PDT) Received: by andreyknvl0.muc.corp.google.com (Postfix, from userid 206546) id E253A1809AA; Wed, 29 Mar 2017 16:11:35 +0200 (CEST) From: Andrey Konovalov To: "David S . Miller" , Eric Dumazet , Willem de Bruijn , Craig Gallek Cc: netdev@vger.kernel.org, Dmitry Vyukov , Kostya Serebryany , Andrey Konovalov Subject: [PATCH net v2 3/3] net/packet: fix overflow in check for tp_reserve Date: Wed, 29 Mar 2017 16:11:22 +0200 Message-Id: X-Mailer: git-send-email 2.12.2.564.g063fe858b8-goog In-Reply-To: References: In-Reply-To: References: Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org When calculating po->tp_hdrlen + po->tp_reserve the result can overflow. Fix by checking that tp_reserve <= INT_MAX on assign. Signed-off-by: Andrey Konovalov Acked-by: Eric Dumazet --- net/packet/af_packet.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 3ac286ebb2f4..8489beff5c25 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -3665,6 +3665,8 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv return -EBUSY; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; + if (val > INT_MAX) + return -EINVAL; po->tp_reserve = val; return 0; }