net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
authorEric Dumazet <edumazet@google.com>
Fri, 2 Dec 2016 17:44:53 +0000 (09:44 -0800)
committerManish Tuteja <mtuteja@nvidia.com>
Thu, 6 Apr 2017 01:00:33 +0000 (18:00 -0700)
commit35cd811ebf798306a6d27af32a61be211a9db131
treec82acff989392d2633d5e3ddf1305e4ec1f948bd
parent3be264a961cfd7570ad4cd20e5003fa5d49c57d9
net: avoid signed overflows for SO_{SND|RCV}BUFFORCE

CAP_NET_ADMIN users should not be allowed to set negative
sk_sndbuf or sk_rcvbuf values, as it can lead to various memory
corruptions, crashes, OOM...

Note that before commit 82981930125a ("net: cleanups in
sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF
and SO_RCVBUF were vulnerable.

This needs to be backported to all known linux kernels.

Again, many thanks to syzkaller team for discovering this gem.

Bug 1880704

Change-Id: I26b2411b5a5fd532fa8c02e2c68d0ec9acb784b1
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: http://git-master/r/1311861
(cherry picked from commit f459cad9a16059c8dbebb9a092ae172ea4a86235)
Reviewed-on: http://git-master/r/1314069
(cherry picked from commit 59df690ce8a50ea463e93ecc65dd897833cc54ad)
Reviewed-on: http://git-master/r/1455429
Reviewed-by: Manish Tuteja <mtuteja@nvidia.com>
Tested-by: Manish Tuteja <mtuteja@nvidia.com>
net/core/sock.c