leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netlink: extack needs to be reset each time through loop

Browse Source 
syzbot triggered the WARN_ON in netlink_ack testing the bad_attr value.
The problem is that netlink_rcv_skb loops over the skb repeatedly invoking
the callback and without resetting the extack leaving potentially stale
data. Initializing each time through avoids the WARN_ON.

Fixes: 2d4bc93368 ("netlink: extended ACK reporting")
Reported-by: syzbot+315fa6766d0f7c359327@syzkaller.appspotmail.com
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Ahern 2018-01-10 13:00:39 -08:00 committed by David S. Miller
parent 59b36613e8
commit cbbdf8433a
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
net/netlink/af_netlink.c
View File

@ -2384,7 +2384,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *,
struct nlmsghdr *, struct nlmsghdr *,
struct netlink_ext_ack *)) struct netlink_ext_ack *))
{ {
struct netlink_ext_ack extack = {}; struct netlink_ext_ack extack;
struct nlmsghdr *nlh; struct nlmsghdr *nlh;
int err; int err;
@ -2405,6 +2405,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *,
if (nlh->nlmsg_type < NLMSG_MIN_TYPE) if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
goto ack; goto ack;
memset(&extack, 0, sizeof(extack));
err = cb(skb, nlh, &extack); err = cb(skb, nlh, &extack);
if (err == -EINTR) if (err == -EINTR)
goto skip; goto skip;