Re: [PATCH RESEND] sctp: fix incorrect overflow check on autoclose

Vladislav Yasevich <vladislav.yasevich@xxxxxx> · Fri, 09 Dec 2011 12:38:19 -0500

On 12/08/2011 08:24 PM, Xi Wang wrote:
> The commit 8ffd3208 voids the previous patches f6778aab and 810c0719
> for limiting the maximum autoclose value.  If userspace passes in -1
> on 32-bit platform, the overflow check didn't work and autoclose
> would be set to 0xffffffff.
> 
> Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx>
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: Andrei Pelinescu-Onciul <andrei@xxxxxxxxx>
> Cc: Vlad Yasevich <vladislav.yasevich@xxxxxx>
> Cc: David S. Miller <davem@xxxxxxxxxxxxx>
> ---
>  net/sctp/socket.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> index 13bf5fc..bb91281 100644
> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@ -2201,7 +2201,8 @@ static int sctp_setsockopt_autoclose(struct sock *sk, char __user *optval,
>  	if (copy_from_user(&sp->autoclose, optval, optlen))
>  		return -EFAULT;
>  	/* make sure it won't exceed MAX_SCHEDULE_TIMEOUT */
> -	sp->autoclose = min_t(long, sp->autoclose, MAX_SCHEDULE_TIMEOUT / HZ);
> +	sp->autoclose = min_t(unsigned long, sp->autoclose,
> +			      MAX_SCHEDULE_TIMEOUT / HZ);

I think this should be u32 since that's what sp->autoclose is.

-vlad

>  
>  	return 0;
>  }

--
To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html