Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-09-20 23:13:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
743ad091fb
linux/net/core
History
Lin Ma 743ad091fb rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back 
In the commit d73ef2d69c ("rtnetlink: let rtnl_bridge_setlink checks
IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic
in the function `rtnl_bridge_setlink` to enable the loop to also check
the length of the IFLA_BRIDGE_MODE attribute. However, this adjustment
removed the `break` statement and led to an error logic of the flags
writing back at the end of this function.

if (have_flags)
    memcpy(nla_data(attr), &flags, sizeof(flags));
    // attr should point to IFLA_BRIDGE_FLAGS NLA !!!

Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.
However, this is not necessarily true fow now as the updated loop will let
the attr point to the last NLA, even an invalid NLA which could cause
overflow writes.

This patch introduces a new variable `br_flag` to save the NLA pointer
that points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned
error logic.

Fixes: d73ef2d69c ("rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/r/20240227121128.608110-1-linma@zju.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-02-28 19:38:03 -08:00
..
bpf_sk_storage.c net: Namespace-ify sysctl_optmem_max 2023-12-15 11:01:27 +00:00
datagram.c net: Fix from address in memcpy_to_iter_csum() 2024-02-02 12:21:02 +00:00
dev_addr_lists_test.c net: fill in MODULE_DESCRIPTION()s under net/core 2023-10-28 11:29:27 +01:00
dev_addr_lists.c
dev_ioctl.c net: partial revert of the "Make timestamping selectable: series 2023-11-18 18:42:37 -08:00
dev.c dpll: rely on rcu for netdev_dpll_pin() 2024-02-26 18:39:34 -08:00
dev.h net: fix removing a namespace with conflicting altnames 2024-01-22 01:09:30 +00:00
drop_monitor.c genetlink: Use internal flags for multicast groups 2023-12-29 08:43:59 +00:00
dst_cache.c
dst.c net: dst: remove unnecessary input parameter in dst_alloc and dst_init 2023-09-12 11:42:25 +02:00
failover.c
fib_notifier.c
fib_rules.c fib: rules: remove repeated assignment in fib_nl2rule 2024-01-07 15:16:19 +00:00
filter.c xdp: reflect tail increase for MEM_TYPE_XSK_BUFF_POOL 2024-01-24 16:24:07 -08:00
flow_dissector.c net/core: Fix ETH_P_1588 flow dissector 2023-09-15 10:40:04 +01:00
flow_offload.c tc: flower: Enable offload support IPSEC SPI field. 2023-08-02 10:09:32 +01:00
gen_estimator.c
gen_stats.c
gro_cells.c
gro.c gro: move the tc_ext comparison to a helper 2023-06-18 18:08:35 +01:00
gso_test.c net: gso_test: support CONFIG_MAX_SKB_FRAGS up to 45 2023-11-13 11:04:38 +00:00
gso.c net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
hwbm.c
link_watch.c Revert "net: rtnetlink: remove local list in __linkwatch_run_queue()" 2023-12-11 10:57:16 +00:00
lwt_bpf.c lwt: Fix return values of BPF xmit ops 2023-08-18 16:05:26 +02:00
lwtunnel.c
Makefile net: page_pool: id the page pools 2023-11-28 15:48:39 +01:00
neighbour.c neighbour: Don't let neigh_forced_gc() disable preemption for long 2023-12-08 10:37:43 +00:00
net_namespace.c net: Namespace-ify sysctl_optmem_max 2023-12-15 11:01:27 +00:00
net-procfs.c net-sysfs: display two backlog queue len separately 2023-03-22 12:03:52 +01:00
net-sysfs.c net: sysfs: fix locking in carrier read 2023-12-08 16:10:17 -08:00
net-sysfs.h
net-traces.c udp6: add a missing call into udp_fail_queue_rcv_skb tracepoint 2023-07-07 09:16:52 +01:00
netclassid_cgroup.c cgroup, netclassid: on modifying netclassid in cgroup, only consider the main process. 2023-10-16 16:36:53 -07:00
netdev-genl-gen.c netdev-genl: spec: Extend netdev netlink spec in YAML for NAPI 2023-12-04 18:04:05 -08:00
netdev-genl-gen.h netdev-genl: spec: Extend netdev netlink spec in YAML for NAPI 2023-12-04 18:04:05 -08:00
netdev-genl.c netdev-genl: Add PID for the NAPI thread 2023-12-04 18:04:06 -08:00
netevent.c
netpoll.c netpoll: allocate netdev tracker right away 2023-06-15 08:21:11 +01:00
netprio_cgroup.c
of_net.c net: Explicitly include correct DT includes 2023-07-27 20:33:16 -07:00
page_pool_priv.h net: page_pool: report when page pool was destroyed 2023-11-28 15:48:39 +01:00
page_pool_user.c net: page_pool: fix general protection fault in page_pool_unlist 2023-11-30 10:14:58 -08:00
page_pool.c page_pool: halve BIAS_MAX for multiple user references of a fragment 2023-12-17 10:56:33 +00:00
pktgen.c net: pktgen: Use wait_event_freezable_timeout() for freezable kthread 2023-12-27 14:34:52 +00:00
ptp_classifier.c
request_sock.c tcp: make sure init the accept_queue's spinlocks once 2024-01-19 21:13:25 -08:00
rtnetlink.c rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back 2024-02-28 19:38:03 -08:00
scm.c vfs-6.8.misc 2024-01-08 10:26:08 -08:00
secure_seq.c
selftests.c net: fill in MODULE_DESCRIPTION()s under net/core 2023-10-28 11:29:27 +01:00
skbuff.c Networking changes for 6.8. 2024-01-11 10:07:29 -08:00
skmsg.c bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() 2024-02-21 17:15:23 +01:00
sock_destructor.h
sock_diag.c
sock_map.c bpf: syzkaller found null ptr deref in unix_bpf proto add 2023-12-13 16:32:28 -08:00
sock_reuseport.c
sock.c net: implement lockless setsockopt(SO_PEEK_OFF) 2024-02-21 11:24:20 +00:00
stream.c net: Return error from sk_stream_wait_connect() if sk_wait_event() fails 2023-12-15 10:48:51 +00:00
sysctl_net_core.c net: Namespace-ify sysctl_optmem_max 2023-12-15 11:01:27 +00:00
timestamping.c net: partial revert of the "Make timestamping selectable: series 2023-11-18 18:42:37 -08:00
tso.c
utils.c
xdp.c xdp: Add VLAN tag hint 2023-12-13 16:16:40 -08:00