net: socket: add check for negative optlen in compat setsockopt

thejh · davem330 · commit 52baf9878b65 · 2019-02-22T11:49:28.000-08:00
__sys_setsockopt() already checks for `optlen &lt; 0`. Add an equivalent check
to the compat path for robustness. This has to be `&gt; INT_MAX` instead of
`&lt; 0` because the signedness of `optlen` is different here.

Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
diff --git a/net/compat.c b/net/compat.c
@@ -388,8 +388,12 @@ static int __compat_sys_setsockopt(int fd, int level, int optname,
 				   char __user *optval, unsigned int optlen)
 {
 	int err;
-	struct socket *sock = sockfd_lookup(fd, &err);
+	struct socket *sock;
+
+	if (optlen > INT_MAX)
+		return -EINVAL;
 
+	sock = sockfd_lookup(fd, &err);
 	if (sock) {
 		err = security_socket_setsockopt(sock, level, optname);
 		if (err) {
