Commit bed90ca0 authored by Dmitry V. Levin's avatar Dmitry V. Levin Committed by Kamal Mostafa

unix_diag: fix incorrect sign extension in unix_lookup_by_ino

commit b5f05492 upstream.

The value passed by unix_diag_get_exact to unix_lookup_by_ino has type
__u32, but unix_lookup_by_ino's argument ino has type int, which is not
a problem yet.
However, when ino is compared with sock_i_ino return value of type
unsigned long, ino is sign extended to signed long, and this results
to incorrect comparison on 64-bit architectures for inode numbers
greater than INT_MAX.

This bug was found by strace test suite.

Fixes: 5d3cae8b ("unix_diag: Dumping exact socket core")
Signed-off-by: default avatarDmitry V. Levin <ldv@altlinux.org>
Acked-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
parent 6716f397
...@@ -219,7 +219,7 @@ static int unix_diag_dump(struct sk_buff *skb, struct netlink_callback *cb) ...@@ -219,7 +219,7 @@ static int unix_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
return skb->len; return skb->len;
} }
static struct sock *unix_lookup_by_ino(int ino) static struct sock *unix_lookup_by_ino(unsigned int ino)
{ {
int i; int i;
struct sock *sk; struct sock *sk;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment