From: Shan Wei Date: Tue, 22 Sep 2009 15:41:10 +0000 (+0000) Subject: ipv4: check optlen for IP_MULTICAST_IF option X-Git-Tag: firefly_0821_release~11864^2~295 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=0915921bde4eb5d943b17c175febac58a254d7b6;p=firefly-linux-kernel-4.4.55.git ipv4: check optlen for IP_MULTICAST_IF option Due to man page of setsockopt, if optlen is not valid, kernel should return -EINVAL. But a simple testcase as following, errno is 0, which means setsockopt is successful. addr.s_addr = inet_addr("192.1.2.3"); setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &addr, 1); printf("errno is %d\n", errno); Xiaotian Feng(dfeng@redhat.com) caught the bug. We fix it firstly checking the availability of optlen and then dealing with the logic like other options. Reported-by: Xiaotian Feng Signed-off-by: Shan Wei Acked-by: Alexey Kuznetsov Signed-off-by: David S. Miller --- diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index fc7993e9061f..5a0693576e82 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -611,6 +611,9 @@ static int do_ip_setsockopt(struct sock *sk, int level, * Check the arguments are allowable */ + if (optlen < sizeof(struct in_addr)) + goto e_inval; + err = -EFAULT; if (optlen >= sizeof(struct ip_mreqn)) { if (copy_from_user(&mreq, optval, sizeof(mreq)))