summaryrefslogtreecommitdiffstats
path: root/lib/nlattr.c
diff options
context:
space:
mode:
authorMaciej Żenczykowski <maze@google.com>2021-05-05 18:58:31 +0200
committerDavid S. Miller <davem@davemloft.net>2021-05-05 21:48:46 +0200
commit2c16db6c92b0ee4aa61e88366df82169e83c3f7e (patch)
treee6cc0490d4eec83f99eb8ddeaf28a77e48341296 /lib/nlattr.c
parentnet:CXGB4: fix leak if sk_buff is not used (diff)
downloadlinux-2c16db6c92b0ee4aa61e88366df82169e83c3f7e.tar.xz
linux-2c16db6c92b0ee4aa61e88366df82169e83c3f7e.zip
net: fix nla_strcmp to handle more then one trailing null character
Android userspace has been using TCA_KIND with a char[IFNAMESIZ] many-null-terminated buffer containing the string 'bpf'. This works on 4.19 and ceases to work on 5.10. I'm not entirely sure what fixes tag to use, but I think the issue was likely introduced in the below mentioned 5.4 commit. Reported-by: Nucca Chen <nuccachen@google.com> Cc: Cong Wang <xiyou.wangcong@gmail.com> Cc: David Ahern <dsahern@gmail.com> Cc: David S. Miller <davem@davemloft.net> Cc: Jakub Kicinski <jakub.kicinski@netronome.com> Cc: Jamal Hadi Salim <jhs@mojatatu.com> Cc: Jiri Pirko <jiri@mellanox.com> Cc: Jiri Pirko <jiri@resnulli.us> Fixes: 62794fc4fbf5 ("net_sched: add max len check for TCA_KIND") Change-Id: I66dc281f165a2858fc29a44869a270a2d698a82b Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to '')
-rw-r--r--lib/nlattr.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/nlattr.c b/lib/nlattr.c
index 5b6116e81f9f..1d051ef66afe 100644
--- a/lib/nlattr.c
+++ b/lib/nlattr.c
@@ -828,7 +828,7 @@ int nla_strcmp(const struct nlattr *nla, const char *str)
int attrlen = nla_len(nla);
int d;
- if (attrlen > 0 && buf[attrlen - 1] == '\0')
+ while (attrlen > 0 && buf[attrlen - 1] == '\0')
attrlen--;
d = attrlen - len;