From: Hangbin Liu <liuhangbin@gmail.com>
Date: Thu, 26 Jul 2012 22:52:21 +0000 (+0000)
Subject: tcp: Add TCP_USER_TIMEOUT negative value check
X-Git-Tag: firefly_0821_release~7541^2~852
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=8d7c99de6821880884e6f9ade1c6f269d40ebbae;p=firefly-linux-kernel-4.4.55.git

tcp: Add TCP_USER_TIMEOUT negative value check

[ Upstream commit 42493570100b91ef663c4c6f0c0fdab238f9d3c2 ]

TCP_USER_TIMEOUT is a TCP level socket option that takes an unsigned int. But
patch "tcp: Add TCP_USER_TIMEOUT socket option"(dca43c75) didn't check the negative
values. If a user assign -1 to it, the socket will set successfully and wait
for 4294967295 miliseconds. This patch add a negative value check to avoid
this issue.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 6db041d3284c..b6ec23c7ffc5 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2394,7 +2394,10 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
 		/* Cap the max timeout in ms TCP will retry/retrans
 		 * before giving up and aborting (ETIMEDOUT) a connection.
 		 */
-		icsk->icsk_user_timeout = msecs_to_jiffies(val);
+		if (val < 0)
+			err = -EINVAL;
+		else
+			icsk->icsk_user_timeout = msecs_to_jiffies(val);
 		break;
 	default:
 		err = -ENOPROTOOPT;