All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
	"David S. Miller" <davem@davemloft.net>,
	Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.4 32/34] sctp: make use of pre-calculated len
Date: Fri,  2 Mar 2018 09:51:28 +0100	[thread overview]
Message-ID: <20180302084438.054235528@linuxfoundation.org> (raw)
In-Reply-To: <20180302084435.842679610@linuxfoundation.org>

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>


[ Upstream commit c76f97c99ae6d26d14c7f0e50e074382bfbc9f98 ]

Some sockopt handling functions were calculating the length of the
buffer to be written to userspace and then calculating it again when
actually writing the buffer, which could lead to some write not using
an up-to-date length.

This patch updates such places to just make use of the len variable.

Also, replace some sizeof(type) to sizeof(var).

Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sctp/socket.c |   16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4445,7 +4445,7 @@ static int sctp_getsockopt_autoclose(str
 	len = sizeof(int);
 	if (put_user(len, optlen))
 		return -EFAULT;
-	if (copy_to_user(optval, &sctp_sk(sk)->autoclose, sizeof(int)))
+	if (copy_to_user(optval, &sctp_sk(sk)->autoclose, len))
 		return -EFAULT;
 	return 0;
 }
@@ -5022,6 +5022,9 @@ copy_getaddrs:
 		err = -EFAULT;
 		goto out;
 	}
+	/* XXX: We should have accounted for sizeof(struct sctp_getaddrs) too,
+	 * but we can't change it anymore.
+	 */
 	if (put_user(bytes_copied, optlen))
 		err = -EFAULT;
 out:
@@ -5458,7 +5461,7 @@ static int sctp_getsockopt_maxseg(struct
 		params.assoc_id = 0;
 	} else if (len >= sizeof(struct sctp_assoc_value)) {
 		len = sizeof(struct sctp_assoc_value);
-		if (copy_from_user(&params, optval, sizeof(params)))
+		if (copy_from_user(&params, optval, len))
 			return -EFAULT;
 	} else
 		return -EINVAL;
@@ -5627,7 +5630,9 @@ static int sctp_getsockopt_active_key(st
 
 	if (len < sizeof(struct sctp_authkeyid))
 		return -EINVAL;
-	if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid)))
+
+	len = sizeof(struct sctp_authkeyid);
+	if (copy_from_user(&val, optval, len))
 		return -EFAULT;
 
 	asoc = sctp_id2assoc(sk, val.scact_assoc_id);
@@ -5639,7 +5644,6 @@ static int sctp_getsockopt_active_key(st
 	else
 		val.scact_keynumber = ep->active_key_id;
 
-	len = sizeof(struct sctp_authkeyid);
 	if (put_user(len, optlen))
 		return -EFAULT;
 	if (copy_to_user(optval, &val, len))
@@ -5665,7 +5669,7 @@ static int sctp_getsockopt_peer_auth_chu
 	if (len < sizeof(struct sctp_authchunks))
 		return -EINVAL;
 
-	if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks)))
+	if (copy_from_user(&val, optval, sizeof(val)))
 		return -EFAULT;
 
 	to = p->gauth_chunks;
@@ -5710,7 +5714,7 @@ static int sctp_getsockopt_local_auth_ch
 	if (len < sizeof(struct sctp_authchunks))
 		return -EINVAL;
 
-	if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks)))
+	if (copy_from_user(&val, optval, sizeof(val)))
 		return -EFAULT;
 
 	to = p->gauth_chunks;

  parent reply	other threads:[~2018-03-02  8:51 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-02  8:50 [PATCH 4.4 00/34] 4.4.120-stable review Greg Kroah-Hartman
2018-03-02  8:50 ` [PATCH 4.4 01/34] hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) Greg Kroah-Hartman
2018-03-02  8:50 ` [PATCH 4.4 02/34] f2fs: fix a bug caused by NULL extent tree Greg Kroah-Hartman
2018-03-02  8:50 ` [PATCH 4.4 03/34] mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM Greg Kroah-Hartman
2018-03-06 21:22   ` Ben Hutchings
2018-03-07  8:12     ` Boris Brezillon
2018-03-07  8:19       ` Richard Weinberger
2018-03-07  8:19         ` Richard Weinberger
2018-03-07 14:58       ` Sasha Levin
2018-03-02  8:51 ` [PATCH 4.4 04/34] ipv6: icmp6: Allow icmp messages to be looped back Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 05/34] ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 06/34] sget(): handle failures of register_shrinker() Greg Kroah-Hartman
2018-03-07  2:16   ` Ben Hutchings
2018-03-02  8:51 ` [PATCH 4.4 07/34] drm/nouveau/pci: do a msi rearm on init Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 08/34] spi: atmel: fixed spin_lock usage inside atmel_spi_remove Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 09/34] net: arc_emac: fix arc_emac_rx() error paths Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 10/34] scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 11/34] ARM: dts: ls1021a: fix incorrect clock references Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 12/34] lib/mpi: Fix umul_ppmm() for MIPS64r6 Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 13/34] tg3: Add workaround to restrict 5762 MRRS to 2048 Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 14/34] tg3: Enable PHY reset in MTU change path for 5720 Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 15/34] bnx2x: Improve reliability in case of nested PCI errors Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 16/34] led: core: Fix brightness setting when setting delay_off=0 Greg Kroah-Hartman
2018-03-07 15:30   ` Ben Hutchings
2018-03-07 15:32   ` Ben Hutchings
2018-03-07 20:39     ` Jacek Anaszewski
2018-03-08 17:24       ` Greg Kroah-Hartman
2018-03-08 18:04         ` Pavel Machek
2018-03-08 20:48         ` Jacek Anaszewski
2018-03-09  1:09           ` Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 17/34] s390/dasd: fix wrongly assigned configuration data Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 18/34] IB/mlx4: Fix mlx4_ib_alloc_mr error flow Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 19/34] IB/ipoib: Fix race condition in neigh creation Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 20/34] xfs: quota: fix missed destroy of qi_tree_lock Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 21/34] xfs: quota: check result of register_shrinker() Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 22/34] e1000: fix disabling already-disabled warning Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 23/34] drm/ttm: check the return value of kzalloc Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 24/34] mac80211: mesh: drop frames appearing to be from us Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 25/34] can: flex_can: Correct the checking for frame length in flexcan_start_xmit() Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 26/34] bnxt_en: Fix the Invalid VF id check in bnxt_vf_ndo_prep routine Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 27/34] xen-netfront: enable device after manual module load Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 28/34] mdio-sun4i: Fix a memory leak Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 29/34] SolutionEngine771x: fix Ether platform data Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 30/34] xen/gntdev: Fix off-by-one error when unmapping with holes Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 31/34] xen/gntdev: Fix partial gntdev_mmap() cleanup Greg Kroah-Hartman
2018-03-02  8:51 ` Greg Kroah-Hartman [this message]
2018-03-02  8:51 ` [PATCH 4.4 33/34] net: gianfar_ptp: move set_fipers() to spinlock protecting area Greg Kroah-Hartman
2018-03-02  8:51 ` [PATCH 4.4 34/34] MIPS: Implement __multi3 for GCC7 MIPS64r6 builds Greg Kroah-Hartman
2018-03-02 12:22 ` [PATCH 4.4 00/34] 4.4.120-stable review Nathan Chancellor
2018-03-02 18:53   ` Greg Kroah-Hartman
2018-03-02 13:58 ` kernelci.org bot
2018-03-02 16:59 ` Naresh Kamboju
2018-03-02 17:16 ` Guenter Roeck
2018-03-02 21:30 ` Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180302084438.054235528@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=alexander.levin@microsoft.com \
    --cc=davem@davemloft.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marcelo.leitner@gmail.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.