Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2489261lqp;
        Sun, 24 Mar 2024 23:14:56 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCWjp2xPCTHCdHQ4SBZhcfd7/MFQPuT0rW1QimK6RyDVXFmJgsdg5k+fU4/lK5US4Le6jq5RYE3ZEMA7MP2hsttOkelOMvkSjdPOnyZ1hg==
X-Google-Smtp-Source: AGHT+IEr9Xnf/xeboAnUrSpEAMGPSyUX1RprQzoZS7xQJ/dCGgDB/SMB0uaneT66dxFm6DQhy4jH
X-Received: by 2002:a05:620a:f8f:b0:78a:26a7:624f with SMTP id b15-20020a05620a0f8f00b0078a26a7624fmr5576807qkn.23.1711347295979;
        Sun, 24 Mar 2024 23:14:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711347295; cv=pass;
        d=google.com; s=arc-20160816;
        b=Urpb9qnS/gLR1bM3lD3BQVLd0R2j4YRnVddIGyUXyDD0c+yC52GkKUgFUFULW1IiA2
         6zuNHJp1F8aN6rM2ZWyfSUnsAbmiQgYvQcmJXZBp/bbGvXSYqU5yBl/0QbilBuUEF9Wo
         QIK8vWwTFNKhA6LjbpIRmyQYBpM43smKpVL6xLZCGgLIieFKBdpwpbqOPwH6XvaYD9c9
         zGBCQ8Hd9KxwTDqLZbH9hVpfPGbJ+sScLzUDAYZ8h781kx3/gZu27ijFWNtBLEQQpf2t
         0JOmJI4RxzvSbfurxDsYBtUtk8u9MtxGUba1PYuSyAeJwKnxb8WA6ji12VKjPzvZUTM+
         5ASg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=tvuXaKMCQszX2c3s/rmLVTxcHuYY0k4zTranJ7Fpa6w=;
        fh=3rysoXM2rdN9BGDZv0rDH1QSB0DsyZhdDh+wL2wqffI=;
        b=ED5+mkuAq2hTtVZO0Rh2eID15p1qxYfkz9emu7G8/kbJZ4qNDB8I3KO5wMnz/9Ce83
         dD19ca3wfoTWyQk6KXpT6VlYMPERHpSFwdUkf9M9KvGqCc8YHX6MIFpIXPPbWcWq93Nh
         s2xisHBkp1nyVO7dAVMJHMhA8DQrH4a8u9cPIIx2wVEA1ZybLOaYakT911oTW2v+0nDQ
         ExGJvKe2nFbPu5X9IriYB6YOyxSZiOVMqLs0PNJE1Rsj8mvHIess/lQHKjo7pXZYbvOP
         6sLgwUZL4U8nAY8ZnZtS587evODzKRENxcx38D/uPwvwiAkCrOCqM7VOn6MEQ+MGJZzd
         uaow==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TIOImOAf;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-114526-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-114526-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-114526-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id i12-20020a37c20c000000b0078a3c669016si4629632qkm.70.2024.03.24.23.14.55
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 24 Mar 2024 23:14:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-114526-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TIOImOAf;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-114526-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-114526-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id AF6411C2C275
	for <linux.lists.archive@gmail.com>; Mon, 25 Mar 2024 06:14:55 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 4FD2E28FEC2;
	Sun, 24 Mar 2024 23:49:58 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="TIOImOAf"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 37E37149E0F;
	Sun, 24 Mar 2024 23:15:50 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1711322151; cv=none; b=gPQfGZs/VkDYUUd8B7XJ6K/Qid3qXP5Em1C8Fwm9PLaaHPUeAwT2em5BRtcV8s6ry5mbCCCmfqBKtw7e6+G1P6pO2n4zgUqtmoSmxrSYOTm37FYZ6Ovo3lAWM/LKcnTTf1owQcx7w/v2aPqzoSePe3nqQ4Yjs5MjnXmiVytWGDw=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1711322151; c=relaxed/simple;
	bh=fl7NnVGSSlcrH+GcOWmHYXsxcie4uE+LpNiwHizCaBk=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=kMrLRTiAW5+fmupgZ+oa44dEvzZVUqjkGzQPBrUxFz1frGe5c/J6ChYIRUY9/FpaoK7a7CVh6GBKkil7VVIVWLt6ju3DfchHE0DGx/RhzW9YEZ0ZG1QiYvCH1nhyCHvCxiftLwBao5x46p245ggVo1mUcRmlSGOfKIpNh3UANck=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=TIOImOAf; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5E397C433F1;
	Sun, 24 Mar 2024 23:15:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1711322150;
	bh=fl7NnVGSSlcrH+GcOWmHYXsxcie4uE+LpNiwHizCaBk=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=TIOImOAfMrgc99r8TYQy+VsvHErvxeZnQ1IK4LG3k7dNHp0bapGxan2PBy7ukK6ij
	 qxhP8zaiva9jQK3lbIt1gw8g1teYSgAu6ZGokHyHdtsrbF2zLy3HGPxkED4I4Lfua6
	 uLL2LUzBPSyt7HPereTvWCfMb+xCBtsqHJVuPCHmsUIu9zlDtzShIEBwfVLcG3toSV
	 4Mhtei8L/g2mU/3sRxWenLDTahxvHSdSxtwdPyLJkfNz3r3hQNTAr/ybcbZwT1kWTI
	 bnveHM7wofL8ATrIRaOKMX5aLoLmbRtC2I13YQr7k/3gpwi1hTktOcO+1TT4BaG0kn
	 dOTEiazCunlXg==
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Cc: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>,
	Willem de Bruijn <willemb@google.com>,
	"David S . Miller" <davem@davemloft.net>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 227/451] udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
Date: Sun, 24 Mar 2024 19:08:23 -0400
Message-ID: <20240324231207.1351418-228-sashal@kernel.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240324231207.1351418-1-sashal@kernel.org>
References: <20240324231207.1351418-1-sashal@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit

From: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>

[ Upstream commit 4bb3ba7b74fceec6f558745b25a43c6521cf5506 ]

The 'len' variable can't be negative when assigned the result of
'min_t' because all 'min_t' parameters are cast to unsigned int,
and then the minimum one is chosen.

To fix the logic, check 'len' as read from 'optlen',
where the types of relevant variables are (signed) int.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/udp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 87d759bab0012..7856b7a3e0ee9 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -2790,11 +2790,11 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname,
 	if (get_user(len, optlen))
 		return -EFAULT;
 
-	len = min_t(unsigned int, len, sizeof(int));
-
 	if (len < 0)
 		return -EINVAL;
 
+	len = min_t(unsigned int, len, sizeof(int));
+
 	switch (optname) {
 	case UDP_CORK:
 		val = udp_test_bit(CORK, sk);
-- 
2.43.0