summaryrefslogtreecommitdiffstats
path: root/net/netlink/policy.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2020-08-31 20:28:05 +0200
committerDavid S. Miller <davem@davemloft.net>2020-08-31 21:01:15 +0200
commitc30a3c957c885e618ddffc065f888be4f8d5a9bd (patch)
treee8e271fe566350c071dc5563bd3a819b7cf9ac7c /net/netlink/policy.c
parentnetlabel: remove unused param from audit_log_format() (diff)
downloadlinux-c30a3c957c885e618ddffc065f888be4f8d5a9bd.tar.xz
linux-c30a3c957c885e618ddffc065f888be4f8d5a9bd.zip
netlink: policy: correct validation type check
In the policy export for binary attributes I erroneously used a != NLA_VALIDATE_NONE comparison instead of checking for the two possible values, which meant that if a validation function pointer ended up aliasing the min/max as negatives, we'd hit a warning in nla_get_range_unsigned(). Fix this to correctly check for only the two types that should be handled here, i.e. range with or without warn-too-long. Reported-by: syzbot+353df1490da781637624@syzkaller.appspotmail.com Fixes: 8aa26c575fb3 ("netlink: make NLA_BINARY validation more flexible") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to '')
-rw-r--r--net/netlink/policy.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netlink/policy.c b/net/netlink/policy.c
index 7b1f50531cd3..5c9e7530865f 100644
--- a/net/netlink/policy.c
+++ b/net/netlink/policy.c
@@ -264,7 +264,8 @@ send_attribute:
else
type = NL_ATTR_TYPE_BINARY;
- if (pt->validation_type != NLA_VALIDATE_NONE) {
+ if (pt->validation_type == NLA_VALIDATE_RANGE ||
+ pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) {
struct netlink_range_validation range;
nla_get_range_unsigned(pt, &range);