From patchwork Tue Jul 28 10:57:01 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Drozdov X-Patchwork-Id: 501142 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id BA83A1402B9 for ; Tue, 28 Jul 2015 20:57:53 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b=F8yn1CSP; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755290AbbG1K5f (ORCPT ); Tue, 28 Jul 2015 06:57:35 -0400 Received: from mail-la0-f43.google.com ([209.85.215.43]:34475 "EHLO mail-la0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753204AbbG1K5d (ORCPT ); Tue, 28 Jul 2015 06:57:33 -0400 Received: by lafd3 with SMTP id d3so55698021laf.1; Tue, 28 Jul 2015 03:57:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=REOfai73DL3R9HJT8fGwdehbDSh2fVv9+281peuVRc4=; b=F8yn1CSP3xGdEoEo3Q+7nn90QNKhQxUB4YjVxyFizyAAJ9eyYoDal7tI+aDRV655sK Bd4N+v5ZBzs3u0V9SMrTbzmRNQdtUhKJIypAEz9vp2vB/tr6twHdNH9ghf/bsPfR8f1r 2ZCwqhue3opQQZhgYnqWeUz2sDhNgZ2esNIg5ghVLmfb5e3y/EWfH5tzCOGPl7FVsQ7j FuL2Rv7WF270BtfVBQ+oTlw7nsWlNJwUhCOQ8gqlo/4WRfR/PtPGRqIp7FZ72GCqpswQ r/+gfWv2F7HmR3P38XyuGTYUG/+HZXJgyi2f94JZ8/DLI9nxXz8Im1XszFlTEtczKYud fwOA== X-Received: by 10.152.29.97 with SMTP id j1mr32187168lah.104.1438081051725; Tue, 28 Jul 2015 03:57:31 -0700 (PDT) Received: from localhost.localdomain (host-187-156-66-217.spbmts.ru. [217.66.156.187]) by smtp.gmail.com with ESMTPSA id mx10sm4574536lbb.20.2015.07.28.03.57.28 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 28 Jul 2015 03:57:30 -0700 (PDT) From: Alexander Drozdov To: "David S. Miller" , Daniel Borkmann Cc: Eric Dumazet , Willem de Bruijn , Al Viro , Eyal Birger , "Michael S. Tsirkin" , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Alexander Drozdov Subject: [PATCH] packet: tpacket_snd(): fix signed/unsigned comparison Date: Tue, 28 Jul 2015 13:57:01 +0300 Message-Id: <1438081021-1321-1-git-send-email-al.drozdov@gmail.com> X-Mailer: git-send-email 1.9.1 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org tpacket_fill_skb() can return a negative value (-errno) which is stored in tp_len variable. In that case the following condition will be (but shouldn't be) true: tp_len > dev->mtu + dev->hard_header_len as dev->mtu and dev->hard_header_len are both unsigned. That may lead to just returning an incorrect EMSGSIZE errno to the user. Signed-off-by: Alexander Drozdov Acked-by: Daniel Borkmann --- net/packet/af_packet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index c9e8741..d1d3625 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -2403,7 +2403,8 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) } tp_len = tpacket_fill_skb(po, skb, ph, dev, size_max, proto, addr, hlen); - if (tp_len > dev->mtu + dev->hard_header_len) { + if (likely(tp_len >= 0) && + tp_len > dev->mtu + dev->hard_header_len) { struct ethhdr *ehdr; /* Earlier code assumed this would be a VLAN pkt, * double-check this now that we have the actual