| From foo@baz Wed Feb 28 16:16:23 CET 2018 |
| From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> |
| Date: Mon, 8 Jan 2018 19:02:29 -0200 |
| Subject: sctp: make use of pre-calculated len |
| |
| From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> |
| |
| |
| [ Upstream commit c76f97c99ae6d26d14c7f0e50e074382bfbc9f98 ] |
| |
| Some sockopt handling functions were calculating the length of the |
| buffer to be written to userspace and then calculating it again when |
| actually writing the buffer, which could lead to some write not using |
| an up-to-date length. |
| |
| This patch updates such places to just make use of the len variable. |
| |
| Also, replace some sizeof(type) to sizeof(var). |
| |
| Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/sctp/socket.c | 16 ++++++++++------ |
| 1 file changed, 10 insertions(+), 6 deletions(-) |
| |
| --- a/net/sctp/socket.c |
| +++ b/net/sctp/socket.c |
| @@ -4458,7 +4458,7 @@ static int sctp_getsockopt_autoclose(str |
| len = sizeof(int); |
| if (put_user(len, optlen)) |
| return -EFAULT; |
| - if (copy_to_user(optval, &sctp_sk(sk)->autoclose, sizeof(int))) |
| + if (copy_to_user(optval, &sctp_sk(sk)->autoclose, len)) |
| return -EFAULT; |
| return 0; |
| } |
| @@ -5035,6 +5035,9 @@ copy_getaddrs: |
| err = -EFAULT; |
| goto out; |
| } |
| + /* XXX: We should have accounted for sizeof(struct sctp_getaddrs) too, |
| + * but we can't change it anymore. |
| + */ |
| if (put_user(bytes_copied, optlen)) |
| err = -EFAULT; |
| out: |
| @@ -5471,7 +5474,7 @@ static int sctp_getsockopt_maxseg(struct |
| params.assoc_id = 0; |
| } else if (len >= sizeof(struct sctp_assoc_value)) { |
| len = sizeof(struct sctp_assoc_value); |
| - if (copy_from_user(¶ms, optval, sizeof(params))) |
| + if (copy_from_user(¶ms, optval, len)) |
| return -EFAULT; |
| } else |
| return -EINVAL; |
| @@ -5635,7 +5638,9 @@ static int sctp_getsockopt_active_key(st |
| |
| if (len < sizeof(struct sctp_authkeyid)) |
| return -EINVAL; |
| - if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid))) |
| + |
| + len = sizeof(struct sctp_authkeyid); |
| + if (copy_from_user(&val, optval, len)) |
| return -EFAULT; |
| |
| asoc = sctp_id2assoc(sk, val.scact_assoc_id); |
| @@ -5647,7 +5652,6 @@ static int sctp_getsockopt_active_key(st |
| else |
| val.scact_keynumber = ep->active_key_id; |
| |
| - len = sizeof(struct sctp_authkeyid); |
| if (put_user(len, optlen)) |
| return -EFAULT; |
| if (copy_to_user(optval, &val, len)) |
| @@ -5673,7 +5677,7 @@ static int sctp_getsockopt_peer_auth_chu |
| if (len < sizeof(struct sctp_authchunks)) |
| return -EINVAL; |
| |
| - if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) |
| + if (copy_from_user(&val, optval, sizeof(val))) |
| return -EFAULT; |
| |
| to = p->gauth_chunks; |
| @@ -5718,7 +5722,7 @@ static int sctp_getsockopt_local_auth_ch |
| if (len < sizeof(struct sctp_authchunks)) |
| return -EINVAL; |
| |
| - if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) |
| + if (copy_from_user(&val, optval, sizeof(val))) |
| return -EFAULT; |
| |
| to = p->gauth_chunks; |