Skip to content
Snippets Groups Projects
Commit ec33da9a authored by Tamir Duberstein's avatar Tamir Duberstein Committed by Greg Kroah-Hartman
Browse files

ipv6: raw: check passed optlen before reading 

[ Upstream commit fb7bc920 ]

Add a check that the user-provided option is at least as long as the
number of bytes we intend to read. Before this patch we would blindly
read sizeof(int) bytes even in cases where the user passed
optlen<sizeof(int), which would potentially read garbage or fault.

Discovered by new tests in https://github.com/google/gvisor/pull/6957

 .

The original get_user call predates history in the git repo.

Signed-off-by: default avatarTamir Duberstein <tamird@gmail.com>
Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
Link: https://lore.kernel.org/r/20211229200947.2862255-1-willemdebruijn.kernel@gmail.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 04d94593
No related branches found
No related tags found
1 merge request!531upgrade to v5.15.14
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment