From: Jiri Slaby > Sent: 24 November 2016 09:18 > This patch has been added to the 3.12 stable tree. If you have any > objections, please let us know. > > =============== > > [ Upstream commit a4b8e71b05c27bae6bad3bdecddbc6b68a3ad8cf ] > > Most of getsockopt handlers in net/sctp/socket.c check len against > sizeof some structure like: > if (len < sizeof(int)) > return -EINVAL; > > On the first look, the check seems to be correct. But since len is int > and sizeof returns size_t, int gets promoted to unsigned size_t too. So > the test returns false for negative lengths. Yes, (-1 < sizeof(long)) is > false. Would it be worth adding the check in the generic setsockopt/getsockopt system call code instead of in each and every protocol? (Clearly for net-next, not stable.) David -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html