From 12adf1e0c724c5825aa5e26c4c12750ad661ad41 Mon Sep 17 00:00:00 2001 From: Eric B Munson Date: Mon, 18 May 2015 14:35:58 -0400 Subject: [PATCH] tcp: Return error instead of partial read for saved syn headers Currently the getsockopt() requesting the cached contents of the syn packet headers will fail silently if the caller uses a buffer that is too small to contain the requested data. Rather than fail silently and discard the headers, getsockopt() should return an error and report the required size to hold the data. Signed-off-by: Eric B Munson Cc: Eric Dumazet Cc: Alexey Kuznetsov Cc: James Morris Cc: Hideaki YOSHIFUJI Cc: Patrick McHardy Cc: netdev@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: David S. Miller --- net/ipv4/tcp.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index c724195e58628..bb9bb844204f9 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -2845,7 +2845,15 @@ static int do_tcp_getsockopt(struct sock *sk, int level, lock_sock(sk); if (tp->saved_syn) { - len = min_t(unsigned int, tp->saved_syn[0], len); + if (len < tp->saved_syn[0]) { + if (put_user(tp->saved_syn[0], optlen)) { + release_sock(sk); + return -EFAULT; + } + release_sock(sk); + return -EINVAL; + } + len = tp->saved_syn[0]; if (put_user(len, optlen)) { release_sock(sk); return -EFAULT; -- 2.39.5