subject:"\[PATCH\] net\: sctp, forbid negative length"

Re: [PATCH] net: sctp, forbid negative length

2016-10-23 Thread David Miller

From: Jiri Slaby Date: Fri, 21 Oct 2016 14:13:24 +0200 > Most of getsockopt handlers in net/sctp/socket.c check len against > sizeof some structure like: > if (len < sizeof(int)) > return -EINVAL; > > On the first look, the check seems to be correct. But

Re: [PATCH] net: sctp, forbid negative length

2016-10-21 Thread Neil Horman

On Fri, Oct 21, 2016 at 02:13:24PM +0200, Jiri Slaby wrote: > Most of getsockopt handlers in net/sctp/socket.c check len against > sizeof some structure like: > if (len < sizeof(int)) > return -EINVAL; > > On the first look, the check seems to be correct. But since len is

[PATCH] net: sctp, forbid negative length

2016-10-21 Thread Jiri Slaby

Most of getsockopt handlers in net/sctp/socket.c check len against sizeof some structure like: if (len < sizeof(int)) return -EINVAL; On the first look, the check seems to be correct. But since len is int and sizeof returns size_t, int gets promoted to unsigned size_t too.