[PATCH 4.4 15/57] sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec

From: Greg Kroah-Hartman
Date: Thu Jul 13 2017 - 11:55:43 EST

4.4-stable review patch. If anyone has any objections, please let me know.


From: Liping Zhang <zlpnobody@xxxxxxxxx>

commit 425fffd886bae3d127a08fa6a17f2e31e24ed7ff upstream.

Currently, inputting the following command will succeed but actually the
value will be truncated:

# echo 0x12ffffffff > /proc/sys/net/ipv4/tcp_notsent_lowat

This is not friendly to the user, so instead, we should report error
when the value is larger than UINT_MAX.

Fixes: e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields")
Signed-off-by: Liping Zhang <zlpnobody@xxxxxxxxx>
Cc: Subash Abhinov Kasiviswanathan <subashab@xxxxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

kernel/sysctl.c | 2 ++
1 file changed, 2 insertions(+)

--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2067,6 +2067,8 @@ static int do_proc_douintvec_conv(bool *
if (write) {
if (*negp)
return -EINVAL;
+ if (*lvalp > UINT_MAX)
+ return -EINVAL;
*valp = *lvalp;
} else {
unsigned int val = *valp;