@@ -615,13 +615,13 @@ static int do_ip_setsockopt(struct sock *sk, int level,
if (optlen >= sizeof(struct ip_mreqn)) {
if (copy_from_user(&mreq, optval, sizeof(mreq)))
break;
- } else {
+ } else if (optlen >= sizeof(struct in_addr)) {
memset(&mreq, 0, sizeof(mreq));
- if (optlen >= sizeof(struct in_addr) &&
- copy_from_user(&mreq.imr_address, optval,
+ if (copy_from_user(&mreq.imr_address, optval,
sizeof(struct in_addr)))
break;
- }
+ } else /* Invalid optlen */
+ goto e_inval;
if (!mreq.imr_ifindex) {
if (mreq.imr_address.s_addr == htonl(INADDR_ANY)) {
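Review bot: The new final branch is written as `} else /* Invalid optlen */` followed by an unbraced `goto e_inval;`, while the two branches before it are braced; kernel style wants every arm braced once one is, i.e. `} else {` / `goto e_inval;` / `}` with the comment inside the block. The `e_inval` label lies outside this hunk, so please confirm it releases whatever the `break` paths release (the socket lock, presumably) before returning -EINVAL. Separately, `optlen >= sizeof(struct ip_mreqn)` compares against a `size_t`; if `optlen` is a signed int (its declaration is not visible here), a negative value would convert to a large unsigned one and take the first branch. The copy length is fixed, so that is not an overrun, but it is worth a one-line comment stating where negative lengths are rejected.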
According to the setsockopt man page, if optlen is not valid, the kernel should return -EINVAL. But with a simple test case such as the following, errno is 0, which means setsockopt succeeded. addr.s_addr = inet_addr("192.1.2.3"); setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &addr, 1); printf("errno is %d\n", errno); This patch fixes the optlen check; with the patch applied, we get errno EINVAL. Signed-off-by: Xiaotian Feng <dfeng@redhat.com> Cc: Patrick McHardy <kaber@trash.net> Cc: David S. Miller <davem@davemloft.net> --- net/ipv4/ip_sockglue.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-)