Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2380137lqp;
        Sun, 24 Mar 2024 16:50:33 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUnKMpIEGmdZYz3EZT63yzAMntImLGP8hdU56+CaD9JQDvVw9Lsip1xMkUd82On9nmpgdR2t3bQ2cCJrfJ40ZjJZZCb9biM+Br/urPHUg==
X-Google-Smtp-Source: AGHT+IFQEDsum6b2SpgJ4M00FocnnBU1CXG/a0RH6UyScIdbaR2Nu/nlDzx03si2U1yMwG1zE4QF
X-Received: by 2002:a17:906:d81:b0:a46:a9ad:837c with SMTP id m1-20020a1709060d8100b00a46a9ad837cmr3137860eji.49.1711324233596;
        Sun, 24 Mar 2024 16:50:33 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711324233; cv=pass;
        d=google.com; s=arc-20160816;
        b=ENY+tj+eXr+q0tNxZ8q6852Ac03RUBeQ0km4W7+1h5mn9KyH0SnfFI/Mx131rdVL8n
         /GR7oj/2aWLYkEozAUU8Mq587KGm2tYrGY+fzdsa+ut1lC+kz2fyLeiKRhGrtkcQA8qn
         SjQdAtFaGT6tIjXTU5p54IXkA8nTwc9Da/smxNaJOQ8uWBs2vGRcKjE9r3wwkPZhSIwW
         qCzBrkIxhyFS9gYxsohlbA9ESop3tNFvisHOM84P5P3p7y+JEFMgn1GQ7Ne7+z20Jc4S
         mizBlNrem4Ih6envu9JnvP/SGS5FQigI0LrzBfAlPWbvCxuiKsVkis2EXUzMoLkyF0gu
         kO5Q==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=NhcmkmJMo4cf31YDw0TEfirBOKE+FIiIFukT0nXLtm0=;
        fh=3rysoXM2rdN9BGDZv0rDH1QSB0DsyZhdDh+wL2wqffI=;
        b=MkBtFWe74F1RTF4E75kv73uv5khOnzVeaMpjlNBYi5BjKnd7aRxhfhbGnfXfhDOIQS
         qM/2kQsMI/10JVMkRYfLw5cthHfW06uA1Y3D6vuNpmEZtrPVQG3eKfwuoCDuQ5ylt4KT
         qWgpnXuwt8OQPRG6dcmSFNcRj+0un6h87E+qbBcbGGsQaTSvtA7UiVYbKUHLfGa3ma64
         +Pz4kjJPLneyahEeuyAcm/7DXdhRRu2fYW/uuLKiO+LNHzh0h0B06egrl9xCSkyi3EDj
         /dP0QfHuD2cAk3L7MdrFhTAJlnBCb3xnJVfwyFK5XIMY6MEruK8KU/DfTzlRfAmzIUWS
         cGqA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=BIsuMVlb;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id m6-20020a1709060d8600b00a46d5a817bfsi2116008eji.259.2024.03.24.16.50.33
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 24 Mar 2024 16:50:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=BIsuMVlb;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113231-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 4E8531F21F49
	for <linux.lists.archive@gmail.com>; Sun, 24 Mar 2024 23:50:33 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 3727613C912;
	Sun, 24 Mar 2024 22:40:33 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="BIsuMVlb"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 420F713C8F5;
	Sun, 24 Mar 2024 22:40:32 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1711320032; cv=none; b=sSMusVqOdOD8Vzn124Klozuh4WLTUeXyMmCBubngLuHKqbM0gXT9QuOlBucYzw1eykUROTlB6JIn2EZ1RutwUQTvN0h8Byp9eAvgCTVLEglwM7+nkYqyF990/RIjj3DGCmUqARGPjusGVByG7ha85L9o5jsuLlxom01Q2yiN9yU=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1711320032; c=relaxed/simple;
	bh=v11nOk9WMIawSUi2NTo75pwxYN0u6dGKGLF3hwTXg3Y=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=ap7KWONVedc79ot0sZoK6k5x6DKX+z5RzM0d/CxBhYeQOD9iarbwXQDLITXxXwEZACc75lIKX/iFsh0EiPkLdGRghof7IiZg6a2935uUVMYWWhxl0k8QSRj2+V9DPMbWU+jVvNwc83PANg4PJ/EEhK1mQSMalCzPNZ2pcK72XYE=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=BIsuMVlb; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 64445C433F1;
	Sun, 24 Mar 2024 22:40:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1711320032;
	bh=v11nOk9WMIawSUi2NTo75pwxYN0u6dGKGLF3hwTXg3Y=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=BIsuMVlbn1Aiwegm+OIcEYxJdF/7wmujE2o3DNQbrlOYWvq8OdfZrqHV8ka4wyFiV
	 46ax869zvQsZ9dW0exGO+u7rbA+wr4AH3rzpj4p6wmkxRCzN1vw1jyL+EibYZnCE+d
	 q+7k8hnH2T+Pm54UP1b2RQ5nndq5QitODKCFBdhNEBM7qrYwVxOFiF62Zuy5Dp0B5I
	 /H1pCH4L0uphIRmpMaGpWVjUFA80JmYFFD45NR2RSsyZTfyVwB8bd42tARIYWCm/2U
	 ZkHEV207zoWG0Vyt8vrqTycr3AcY0Q0D43TV3co60oz14pRAclifiO03JJDqkSjb87
	 W7rX7PQf+uUxw==
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Cc: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>,
	Willem de Bruijn <willemb@google.com>,
	"David S . Miller" <davem@davemloft.net>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.8 340/715] udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
Date: Sun, 24 Mar 2024 18:28:39 -0400
Message-ID: <20240324223455.1342824-341-sashal@kernel.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240324223455.1342824-1-sashal@kernel.org>
References: <20240324223455.1342824-1-sashal@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit

From: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>

[ Upstream commit 4bb3ba7b74fceec6f558745b25a43c6521cf5506 ]

The 'len' variable can't be negative when assigned the result of
'min_t' because all 'min_t' parameters are cast to unsigned int,
and then the minimum one is chosen.

To fix the logic, check 'len' as read from 'optlen',
where the types of relevant variables are (signed) int.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/udp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index e474b201900f9..17231c0f88302 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -2792,11 +2792,11 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname,
 	if (get_user(len, optlen))
 		return -EFAULT;
 
-	len = min_t(unsigned int, len, sizeof(int));
-
 	if (len < 0)
 		return -EINVAL;
 
+	len = min_t(unsigned int, len, sizeof(int));
+
 	switch (optname) {
 	case UDP_CORK:
 		val = udp_test_bit(CORK, sk);
-- 
2.43.0