diff options
author | Johannes Berg <johannes.berg@intel.com> | 2020-08-31 20:28:05 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2020-08-31 12:01:15 -0700 |
commit | c30a3c957c885e618ddffc065f888be4f8d5a9bd (patch) | |
tree | e8e271fe566350c071dc5563bd3a819b7cf9ac7c /net | |
parent | 0f091e43310f5c292b7094f9f115e651358e8053 (diff) |
netlink: policy: correct validation type check
In the policy export for binary attributes I erroneously used
a != NLA_VALIDATE_NONE comparison instead of checking for the
two possible values, which meant that if a validation function
pointer ended up aliasing the min/max as negatives, we'd hit
a warning in nla_get_range_unsigned().
Fix this to correctly check for only the two types that should
be handled here, i.e. range with or without warn-too-long.
Reported-by: syzbot+353df1490da781637624@syzkaller.appspotmail.com
Fixes: 8aa26c575fb3 ("netlink: make NLA_BINARY validation more flexible")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netlink/policy.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netlink/policy.c b/net/netlink/policy.c index 7b1f50531cd3..5c9e7530865f 100644 --- a/net/netlink/policy.c +++ b/net/netlink/policy.c @@ -264,7 +264,8 @@ send_attribute: else type = NL_ATTR_TYPE_BINARY; - if (pt->validation_type != NLA_VALIDATE_NONE) { + if (pt->validation_type == NLA_VALIDATE_RANGE || + pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) { struct netlink_range_validation range; nla_get_range_unsigned(pt, &range); |