Commit c30a3c95 authored by Johannes Berg, committed by David S. Miller

netlink: policy: correct validation type check



In the policy export for binary attributes I erroneously used
a != NLA_VALIDATE_NONE comparison instead of checking for the
two possible values, which meant that if a validation function
pointer ended up aliasing the min/max as negatives, we'd hit
a warning in nla_get_range_unsigned().

Fix this to correctly check for only the two types that should
be handled here, i.e. range with or without warn-too-long.

Reported-by: <syzbot+353df1490da781637624@syzkaller.appspotmail.com>
Fixes: 8aa26c57 ("netlink: make NLA_BINARY validation more flexible")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 0f091e43
+2 −1
@@ -264,7 +264,8 @@ send_attribute:
		else
			type = NL_ATTR_TYPE_BINARY;

		if (pt->validation_type != NLA_VALIDATE_NONE) {
		if (pt->validation_type == NLA_VALIDATE_RANGE ||
		    pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) {
			struct netlink_range_validation range;

			nla_get_range_unsigned(pt, &range);
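
Review bot: the new two-value test on pt->validation_type has no comment saying why every other validation type must stay out of this branch. The commit message gives the reason (a validation function pointer can alias min/max and trip the warning in nla_get_range_unsigned()), but nothing at the call site records it. A short comment above the if, stating that only NLA_VALIDATE_RANGE and NLA_VALIDATE_RANGE_WARN_TOO_LONG carry usable min/max for binary attributes, would keep a later change from widening the test back to != NLA_VALIDATE_NONE. A switch on pt->validation_type with the two cases listed explicitly would express the same intent and make a newly added validation type an obvious decision point.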