lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue,  8 Mar 2016 16:30:38 -0800
From:	Kamal Mostafa <>
Cc:	"Dmitry V . Levin" <>,
	"David S . Miller" <>,
	Kamal Mostafa <>
Subject: [PATCH 3.19.y-ckt 180/196] unix_diag: fix incorrect sign extension in unix_lookup_by_ino

3.19.8-ckt16 -stable review patch.  If anyone has any objections, please let me know.


From: "Dmitry V. Levin" <>

[ Upstream commit b5f0549231ffb025337be5a625b0ff9f52b016f0 ]

The value passed by unix_diag_get_exact to unix_lookup_by_ino has type
__u32, but unix_lookup_by_ino's argument ino has type int, which is not
a problem yet.
However, when ino is compared with sock_i_ino return value of type
unsigned long, ino is sign extended to signed long, and this results
to incorrect comparison on 64-bit architectures for inode numbers
greater than INT_MAX.

This bug was found by strace test suite.

Fixes: 5d3cae8bc39d ("unix_diag: Dumping exact socket core")
Signed-off-by: Dmitry V. Levin <>
Acked-by: Cong Wang <>
Signed-off-by: David S. Miller <>
Signed-off-by: Kamal Mostafa <>
 net/unix/diag.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/unix/diag.c b/net/unix/diag.c
index 86fa0f3..27dd3dc 100644
--- a/net/unix/diag.c
+++ b/net/unix/diag.c
@@ -219,7 +219,7 @@ done:
 	return skb->len;
-static struct sock *unix_lookup_by_ino(int ino)
+static struct sock *unix_lookup_by_ino(unsigned int ino)
 	int i;
 	struct sock *sk;

Powered by blists - more mailing lists