net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS

Building sctp may fail with:

In function ‘copy_from_user’,
    inlined from ‘sctp_getsockopt_assoc_stats’ at
    net/sctp/socket.c:5656:20:
arch/x86/include/asm/uaccess_32.h:211:26: error: call to
    ‘copy_from_user_overflow’ declared with attribute error: copy_from_user()
    buffer size is not provably correct

if built with W=1 due to a missing parameter size validation
before the call to copy_from_user.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 3 insertions, 3 deletions

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index cedd9bf67b8c..9ef5c7312e12 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5653,6 +5653,9 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len,
         if (len < sizeof(sctp_assoc_t))
                 return -EINVAL;
 
+        /* Allow the struct to grow and fill in as much as possible */
+        len = min_t(size_t, len, sizeof(sas));
+
         if (copy_from_user(&sas, optval, len))
                 return -EFAULT;
 
@@ -5686,9 +5689,6 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len,
         /* Mark beginning of a new observation period */
         asoc->stats.max_obs_rto = asoc->rto_min;
 
-        /* Allow the struct to grow and fill in as much as possible */
-        len = min_t(size_t, len, sizeof(sas));
-
         if (put_user(len, optlen))
                 return -EFAULT;