Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2547087lqp;
        Mon, 25 Mar 2024 02:04:55 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCVFWimlIC1MM+W7thTndGd1s6xJqqzLYgjiWnjQz40BTmwTHArDFJ7gn1rH83EiEixsyQ5nf/cFlmTkOdX8Z9NP1OxJo8cErh7QUiUrXw==
X-Google-Smtp-Source: AGHT+IGmbqVPYD4vPZQTq/RLlEEKo2F4P7RsaEbRRC8ahtVzLVbN26b4hU/hV8Hik9zbzLDHlsaZ
X-Received: by 2002:a50:aa8c:0:b0:56b:8dcd:acb5 with SMTP id q12-20020a50aa8c000000b0056b8dcdacb5mr5722134edc.39.1711357495339;
        Mon, 25 Mar 2024 02:04:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711357495; cv=pass;
        d=google.com; s=arc-20160816;
        b=T/jqXX9BsQL7HRC5E84P7gPxzlJZzT0ZwBFI2cBVbpOUrT6lPAevG8B0IyjCDA9sjc
         AmcBMdxXRxHVO79E83CHezgq+YWzvX8ytK2oAR1tz8519t8Ugb1na6PPPKUFlKakzCiy
         7oE0HA05HkOrfY5i70Th4yFuJZH+Hi25TYz9UzFbP+BVnGDynlDmLSIjs38ta2q2G1bB
         bQNR0LPW0fGH+g7m0UUrzjDU9S40kqZc4icq8TKnAXUVgcJnInK7rM2fQyQ1shY3HsKE
         wff3ihuw0lmtaUItUEl6pLsLuNNx70fSkcmfv0rndkangBUGT5JlgBTdrp75DquOEsxs
         SsVw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=DQnqXu3wVlmuyisQHa0gTVbz7BpLiPFU/z7dDItqFtA=;
        fh=3rysoXM2rdN9BGDZv0rDH1QSB0DsyZhdDh+wL2wqffI=;
        b=rtWqz7AdfijYQ9Iw05wR2Z89BhSTl/jDJi/yJgCZU34a/2R2v5HxETqn0bpJRoIOdz
         YGXsZAbt4ho/qdcfhKDV/fsQvvjOWDRAU4MGOwcXYNmRNSxalMVmnFt/qyOd97cWZMfC
         70hXEu2x6ZgDLKLSEbqroqJPp48g6tcAP4mDl8N0w7yqrUPIfbjrrKwBdyJ4yWM5lDNk
         8u/B8j+jL0Z7F79GFtCiRiAMvvCzY+2RLqehqNLVxRgNMoUxH0UOAiBJXUE5/bSZBClF
         jPAbXQGhDiduMPYdcnUT51ifwgv8xRUb0WMOqLdK97DUhgDpZifbLYLptqDHFGGQtrhc
         vkCQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=io0T2nMt;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-115678-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-115678-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-115678-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id r13-20020a05640251cd00b0056752f4924esi2295143edd.224.2024.03.25.02.04.55
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 25 Mar 2024 02:04:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-115678-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=io0T2nMt;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-115678-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-115678-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 144491F35F14
	for <linux.lists.archive@gmail.com>; Mon, 25 Mar 2024 09:04:55 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 50C08258A27;
	Mon, 25 Mar 2024 02:53:01 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="io0T2nMt"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8E5920AF7B;
	Sun, 24 Mar 2024 23:06:46 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1711321606; cv=none; b=Yq2NGHz5o+JpD4CO2jlhHCNbGmIuV1srd6bZJuvadzpqksMSmstfWO3QIC1FwZ0TWLyTSywY/JExeOL3rFyc4fTAcDnYg5/BKjykyb2RdF3Hkj6WMfnDtXWAJWNK8k7ivqtOsCvr3f/tfG8VqROG12hAl2DXTFwtAPWeDD2lz54=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1711321606; c=relaxed/simple;
	bh=NMB/Dvckd0N0jkQPCy6uceSyX5z8ocUXKOUi3TZ+sNw=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=BjIbw2itIJilwHvAVQfC6FJXabd3apOee8d4FrzfzsGKD79a50GP5WRzxoqZRmLDhAibEN1kT0Sor4RTczJzOIxKydy9YFGM/235L/DiQZblBBrR7LBTnAFPFYtz1UXe9d0mOoRxkgAnkGDJ92azu6nLSuidQW3NW8hoPD0iZa4=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=io0T2nMt; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id EAEB9C433C7;
	Sun, 24 Mar 2024 23:06:45 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1711321606;
	bh=NMB/Dvckd0N0jkQPCy6uceSyX5z8ocUXKOUi3TZ+sNw=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=io0T2nMt+6gUMDHoOZ3Ol0R7fxEoY9oUp46UgMtqs4x9Qk5OJbanHoxZMz/axGYc3
	 6wbo7YdslGrU3bMZWDDvX8Dwfl3ceDDXuBn2/FvhWwRIcvo26KBcTP2l4fucak7JM4
	 4pbmTr1yciTVMNcqOHCaSEqQEVw4Iyowdg+w5VXMdK+Mj2lc7/hOFj7h9SPZpT0wa0
	 Q1TSdgqoIX3D1Mm9HqX99Edk12l45kIs272aK1qUl/5kDUk8Vjd5La3g67PYVbT8U8
	 YrIyP+1qRibclrXrzghcYlqcHUByFm1BuSGbGXKwrn+W2zwKa1zMiEkFh57ZXhYcEp
	 6QrJvqaFTYa6Q==
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Cc: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>,
	Willem de Bruijn <willemb@google.com>,
	"David S . Miller" <davem@davemloft.net>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.6 336/638] udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
Date: Sun, 24 Mar 2024 18:56:13 -0400
Message-ID: <20240324230116.1348576-337-sashal@kernel.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240324230116.1348576-1-sashal@kernel.org>
References: <20240324230116.1348576-1-sashal@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit

From: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>

[ Upstream commit 4bb3ba7b74fceec6f558745b25a43c6521cf5506 ]

The 'len' variable can't be negative when assigned the result of
'min_t' because all 'min_t' parameters are cast to unsigned int,
and then the minimum one is chosen.

To fix the logic, check 'len' as read from 'optlen',
where the types of relevant variables are (signed) int.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/udp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 8e5a8b3b22c63..848072793fa98 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -2779,11 +2779,11 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname,
 	if (get_user(len, optlen))
 		return -EFAULT;
 
-	len = min_t(unsigned int, len, sizeof(int));
-
 	if (len < 0)
 		return -EINVAL;
 
+	len = min_t(unsigned int, len, sizeof(int));
+
 	switch (optname) {
 	case UDP_CORK:
 		val = udp_test_bit(CORK, sk);
-- 
2.43.0