From 9006fc45ee72f9b45acc6813c80449353d0019ba Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@google.com>
Date: Thu, 2 May 2024 07:45:47 +0000
Subject: [PATCH] Revert "arp: Prevent overflow in arp_req_get()."

This reverts commit f119f2325ba70cbfdec701000dcad4d88805d5b0 which is
commit a7d6027790acea24446ddd6632d394096c0f4667 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I97be23b4073709843571e5b5d05903fda4121870
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
---
 net/ipv4/arp.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index ccff96820a70..9456f5bb35e5 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1125,8 +1125,7 @@ static int arp_req_get(struct arpreq *r, struct net_device *dev)
 	if (neigh) {
 		if (!(READ_ONCE(neigh->nud_state) & NUD_NOARP)) {
 			read_lock_bh(&neigh->lock);
-			memcpy(r->arp_ha.sa_data, neigh->ha,
-			       min(dev->addr_len, (unsigned char)sizeof(r->arp_ha.sa_data_min)));
+			memcpy(r->arp_ha.sa_data, neigh->ha, dev->addr_len);
 			r->arp_flags = arp_state_to_flags(neigh);
 			read_unlock_bh(&neigh->lock);
 			r->arp_ha.sa_family = dev->type;