[PATCH net-next] vxlan: fix incorrect nlattr access in MTU check

From: Matthias Schiffer
Date: Tue Jun 27 2017 - 08:43:16 EST

Next message: Tomasz Figa: "Re: [PATCH 1/2] iommu/dma: Respect __GFP_DMA and __GFP_DMA32 in incoming GFP flags"
Previous message: Finn Thain: "Re: [PATCH v3 0/4] g_NCR5380: PDMA fixes and cleanup"
Next in thread: David Miller: "Re: [PATCH net-next] vxlan: fix incorrect nlattr access in MTU check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The access to the wrong variable could lead to a NULL dereference and
possibly other invalid memory reads in vxlan newlink/changelink requests
with a IFLA_MTU attribute.

Fixes: a985343ba906 "vxlan: refactor verification and application of configuration"
Signed-off-by: Matthias Schiffer <mschiffer@xxxxxxxxxxxxxxxxxxxx>
---
drivers/net/vxlan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 0dafd8e6c665..fd0ff97e3d81 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -2727,7 +2727,7 @@ static int vxlan_validate(struct nlattr *tb[], struct nlattr *data[],
}

if (tb[IFLA_MTU]) {
- u32 mtu = nla_get_u32(data[IFLA_MTU]);
+ u32 mtu = nla_get_u32(tb[IFLA_MTU]);

if (mtu < ETH_MIN_MTU || mtu > ETH_MAX_MTU)
return -EINVAL;
--
2.13.2

Next message: Tomasz Figa: "Re: [PATCH 1/2] iommu/dma: Respect __GFP_DMA and __GFP_DMA32 in incoming GFP flags"
Previous message: Finn Thain: "Re: [PATCH v3 0/4] g_NCR5380: PDMA fixes and cleanup"
Next in thread: David Miller: "Re: [PATCH net-next] vxlan: fix incorrect nlattr access in MTU check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]