summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArjan van de Ven <arjan@linux.intel.com>2009-09-30 13:51:11 +0200
committerGreg Kroah-Hartman <gregkh@suse.de>2009-10-05 08:11:46 -0700
commitdc7fec29e1f24be79190e25aef1583c92111b052 (patch)
treeef96ebc24f6e05dfa8bf9e621d6a99f09758733a
parent18494baca2fd31e6203be2ae9c572c86667da1b1 (diff)
downloadlwn-dc7fec29e1f24be79190e25aef1583c92111b052.tar.gz
lwn-dc7fec29e1f24be79190e25aef1583c92111b052.zip
net ax25: Fix signed comparison in the sockopt handler
fixed upstream in commit b7058842c940ad2c08dd829b21e5c92ebe3b8758 in a different way The ax25 code tried to use if (optlen < sizeof(int)) return -EINVAL; as a security check against optlen being negative (or zero) in the set socket option. Unfortunately, "sizeof(int)" is an unsigned property, with the result that the whole comparison is done in unsigned, letting negative values slip through. This patch changes this to if (optlen < (int)sizeof(int)) return -EINVAL; so that the comparison is done as signed, and negative values get properly caught. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Cc: David S. Miller <davem@davemloft.net> Cc: Ingo Molnar <mingo@elte.hu> Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--net/ax25/af_ax25.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 28c71574a781..cd9d526716c0 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -539,7 +539,7 @@ static int ax25_setsockopt(struct socket *sock, int level, int optname,
if (level != SOL_AX25)
return -ENOPROTOOPT;
- if (optlen < sizeof(int))
+ if (optlen < (int)sizeof(int))
return -EINVAL;
if (get_user(opt, (int __user *)optval))