Re: [PATCH] net: dev_addr_list: add address length validation in __hw_addr_insert function

[Eric Dumazet]

On Mon, Feb 17, 2025 at 8:05 PM Suchit K <suchitkarunakaran@xxxxxxxxx> wrote:
>
> Hi Eric,
> Thanks for the feedback! I'm new to kernel development and still
> finding my way around.
> I wasn't working from a syzbot report on this one; I was just
> exploring the code and felt there is no parameter validation. I went
> ahead and made this change based on that impression. I realized my
> changelog should have been more generic. Sorry about that. Also since
> it's not based on a syzbot report, is it good to have this change?
> Your insights and suggestions would be most welcome. I will make the
> required changes accordingly.
> Thanks.

I think these checks are not necessary.

1) The caller (dev_addr_mod) provides non NULL pointers,
    there is no point adding tests, because if one of them was NULL,
    a crash would occur before hitting this function.

2) Your patch would silently hide a real issue if for some reason
dev->addr_len was too big.