53 lines
1.7 KiB
Diff
53 lines
1.7 KiB
Diff
From e5f9811e44fcf067a0dbb8abf55bbad454a1688a Mon Sep 17 00:00:00 2001
|
||
From: Guenter Roeck <linux@roeck-us.net>
|
||
Date: Wed, 27 Feb 2013 10:57:31 +0000
|
||
Subject: net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS
|
||
|
||
|
||
From: Guenter Roeck <linux@roeck-us.net>
|
||
|
||
commit 726bc6b092da4c093eb74d13c07184b18c1af0f1 upstream.
|
||
|
||
Building sctp may fail with:
|
||
|
||
In function ‘copy_from_user’,
|
||
inlined from ‘sctp_getsockopt_assoc_stats’ at
|
||
net/sctp/socket.c:5656:20:
|
||
arch/x86/include/asm/uaccess_32.h:211:26: error: call to
|
||
‘copy_from_user_overflow’ declared with attribute error: copy_from_user()
|
||
buffer size is not provably correct
|
||
|
||
if built with W=1 due to a missing parameter size validation
|
||
before the call to copy_from_user.
|
||
|
||
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
|
||
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
|
||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
---
|
||
net/sctp/socket.c | 6 +++---
|
||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||
|
||
--- a/net/sctp/socket.c
|
||
+++ b/net/sctp/socket.c
|
||
@@ -5653,6 +5653,9 @@ static int sctp_getsockopt_assoc_stats(s
|
||
if (len < sizeof(sctp_assoc_t))
|
||
return -EINVAL;
|
||
|
||
+ /* Allow the struct to grow and fill in as much as possible */
|
||
+ len = min_t(size_t, len, sizeof(sas));
|
||
+
|
||
if (copy_from_user(&sas, optval, len))
|
||
return -EFAULT;
|
||
|
||
@@ -5686,9 +5689,6 @@ static int sctp_getsockopt_assoc_stats(s
|
||
/* Mark beginning of a new observation period */
|
||
asoc->stats.max_obs_rto = asoc->rto_min;
|
||
|
||
- /* Allow the struct to grow and fill in as much as possible */
|
||
- len = min_t(size_t, len, sizeof(sas));
|
||
-
|
||
if (put_user(len, optlen))
|
||
return -EFAULT;
|
||
|