git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Tamir Duberstein <tamird@gmail.com>
	Wed, 29 Dec 2021 20:09:47 +0000 (15:09 -0500)
committer	Andrea Righi <andrea.righi@canonical.com>
	Fri, 21 Jan 2022 14:49:32 +0000 (15:49 +0100)
commit	2e06998d5d34e3647b9266cf8f2a26a2b6509076
tree	fd4f339cc09155cdaca437a7f7ef1476a757f2fc	tree
parent	e76467938ce88c88a18f19d7b43d44f4d8cb3741	commit \| diff

ipv6: raw: check passed optlen before reading

BugLink: https://bugs.launchpad.net/bugs/1957882
[ Upstream commit fb7bc9204095090731430c8921f9e629740c110a ]

Add a check that the user-provided option is at least as long as the
number of bytes we intend to read. Before this patch we would blindly
read sizeof(int) bytes even in cases where the user passed
optlen<sizeof(int), which would potentially read garbage or fault.

Discovered by new tests in https://github.com/google/gvisor/pull/6957 .

The original get_user call predates history in the git repo.

Signed-off-by: Tamir Duberstein <tamird@gmail.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Link: https://lore.kernel.org/r/20211229200947.2862255-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Paolo Pisati <p.pisati@gmail.com>