[PATCH net v3 3/4] rxrpc: Improve setsockopt() handling of malformed user input
David Howells
dhowells at redhat.com
Fri Nov 29 09:04:10 PST 2024
Michal Luczaj <mhal at rbox.co> wrote:
> copy_from_sockptr() does not return negative value on error; instead, it
> reports the number of bytes that failed to copy. Since it's deprecated,
> switch to copy_safe_from_sockptr().
>
> Note: Keeping the `optlen != sizeof(unsigned int)` check as
> copy_safe_from_sockptr() by itself would also accept
> optlen > sizeof(unsigned int). Which would allow a more lenient handling
> of inputs.
>
> Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
> Signed-off-by: Michal Luczaj <mhal at rbox.co>
Acked-by: David Howells <dhowells at redhat.com>
More information about the linux-afs
mailing list