diff options
author | Maciej Żenczykowski <maze@google.com> | 2021-05-05 18:58:31 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2021-05-05 21:48:46 +0200 |
commit | 2c16db6c92b0ee4aa61e88366df82169e83c3f7e (patch) | |
tree | e6cc0490d4eec83f99eb8ddeaf28a77e48341296 /lib/nlattr.c | |
parent | net:CXGB4: fix leak if sk_buff is not used (diff) | |
download | linux-2c16db6c92b0ee4aa61e88366df82169e83c3f7e.tar.xz linux-2c16db6c92b0ee4aa61e88366df82169e83c3f7e.zip |
net: fix nla_strcmp to handle more then one trailing null character
Android userspace has been using TCA_KIND with a char[IFNAMESIZ]
many-null-terminated buffer containing the string 'bpf'.
This works on 4.19 and ceases to work on 5.10.
I'm not entirely sure what fixes tag to use, but I think the issue
was likely introduced in the below mentioned 5.4 commit.
Reported-by: Nucca Chen <nuccachen@google.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@mellanox.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Fixes: 62794fc4fbf5 ("net_sched: add max len check for TCA_KIND")
Change-Id: I66dc281f165a2858fc29a44869a270a2d698a82b
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'lib/nlattr.c')
-rw-r--r-- | lib/nlattr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/nlattr.c b/lib/nlattr.c index 5b6116e81f9f..1d051ef66afe 100644 --- a/lib/nlattr.c +++ b/lib/nlattr.c @@ -828,7 +828,7 @@ int nla_strcmp(const struct nlattr *nla, const char *str) int attrlen = nla_len(nla); int d; - if (attrlen > 0 && buf[attrlen - 1] == '\0') + while (attrlen > 0 && buf[attrlen - 1] == '\0') attrlen--; d = attrlen - len; |