From: Matthias Rosenfelder <mrosenfelder.lkml@gmail.com>
Date: Thu, 6 Jul 2017 00:56:36 -0400
Subject: TLS: Fix length check in do_tls_getsockopt_tx()
Patch-mainline: v4.13-rc1
Git-commit: 5a3b886c3cc5de1b9ec618bf27e1b31c6624f3ca
References: bsc#1103990 FATE#326006

copy_to_user() copies the struct the pointer is pointing to, but the
length check compares against sizeof(pointer) and not sizeof(struct).
On 32-bit the size is probably the same, so it might have worked
accidentally.

Signed-off-by: Matthias Rosenfelder <mrosenfelder.lkml@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
 net/tls/tls_main.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -272,7 +272,7 @@ static int do_tls_getsockopt_tx(struct s
 		goto out;
 	}
 
-	if (len == sizeof(crypto_info)) {
+	if (len == sizeof(*crypto_info)) {
 		if (copy_to_user(optval, crypto_info, sizeof(*crypto_info)))
 			rc = -EFAULT;
 		goto out;