net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (3a15c850) · Commits · CodeLinaro / la / kernel / x86

Commit 3a15c850 authored 8 years ago by Eric Dumazet Committed by jenkins_ndg 8 years ago

net: avoid signed overflows for SO_{SND|RCV}BUFFORCE

CAP_NET_ADMIN users should not be allowed to set negative
sk_sndbuf or sk_rcvbuf values, as it can lead to various memory
corruptions, crashes, OOM...

Note that before commit 82981930 ("net: cleanups in
sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF
and SO_RCVBUF were vulnerable.

This needs to be backported to all known linux kernels.

Again, many thanks to syzkaller team for discovering this gem.

Change-Id: I158db8dd09043734287ba70be657881c5185fd71
Tracked-On: https://jira01.devtools.intel.com/browse/AW-4391


Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Reviewed-on: https://android.intel.com/569900


Reviewed-by: Louis, FabienX <fabienx.louis@intel.com>
Tested-by: Louis, FabienX <fabienx.louis@intel.com>
Reviewed-by: Deverge, Jean-francoisX <jean-francoisx.deverge@intel.com>
Reviewed-by: Dubray, SimonX <simonx.dubray@intel.com>
Reviewed-by: Akue, LoicX <loicx.akue@intel.com>
Reviewed-by: Tasayco Loarte, VictorX <victorx.tasayco.loarte@intel.com>

parent b457f294

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 2 additions and 2 deletions

Please register or to comment