Description: net: Negative socket receive buffer size permitted
References:
Notes:
 bwh> Prior to commit 82981930125a "net: cleanups in sock_setsockopt()":
 bwh> - The comparison with SOCK_MIN_SNDBUF used type int, so it
 bwh>   rejected negative values
 bwh> - The comparison with SOCK_MIN_RCVBUF used type size_t, so it did
 bwh>   *not* reject negative values
 bwh> - The comparisons of val with sysctl_wmem_max used type u32, so
 bwh>   they rejected negative values *unless* sysctl_wmem_max >=
 bwh>   1 << 30 (and why would you set it that high?!)
 bwh> So it was possible to set a negative value for sock::sk_rcvbuf
 bwh> through SO_RCVBUFFORCE (escalation from CAP_NET_ADMIN to kernel)
 bwh> or through SO_RCVBUF (escalation from user to kernel) iff
 bwh> sysctl_wmem_max was large enough.
Bugs:
upstream: released (3.5-rc1) [82981930125abfd39d7c8378a9cfdf5e1be2002b]
3.16-upstream-stable: N/A "Fixed before initial 3.16 release"
3.2-upstream-stable: released (3.2.85) [net-cleanups-in-sock_setsockopt.patch]
sid: released (3.8.11-1)
3.16-jessie-security: N/A "Fixed before initial 3.16 release"
3.2-wheezy-security: released (3.2.84-1) [bugfix/all/net-cleanups-in-sock_setsockopt.patch]