2017-06-27 12:43:08

by Matthias Schiffer

Subject: [PATCH net-next] vxlan: fix incorrect nlattr access in MTU check

The access to the wrong variable could lead to a NULL dereference and
possibly other invalid memory reads in vxlan newlink/changelink requests
with an IFLA_MTU attribute.

Fixes: a985343ba906 "vxlan: refactor verification and application of configuration"
Signed-off-by: Matthias Schiffer <[email protected]>
---
drivers/net/vxlan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 0dafd8e6c665..fd0ff97e3d81 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -2727,7 +2727,7 @@ static int vxlan_validate(struct nlattr *tb[], struct nlattr *data[],
}

if (tb[IFLA_MTU]) {
- u32 mtu = nla_get_u32(data[IFLA_MTU]);
+ u32 mtu = nla_get_u32(tb[IFLA_MTU]);

if (mtu < ETH_MIN_MTU || mtu > ETH_MAX_MTU)
return -EINVAL;
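
Review bot: The commit message should say why `data[IFLA_MTU]` was the wrong slot for the read at `u32 mtu = nla_get_u32(...)`, since the one-line change does not make that obvious. The guard `if (tb[IFLA_MTU])` tests the top-level link attribute table, while `data[]` holds the nested vxlan-specific attributes and is indexed by a different enum, so the old read hit either a NULL entry (the NULL dereference mentioned) or an unrelated attribute whose payload need not be a u32 (the other invalid reads). A sentence to that effect, plus a note on whether unprivileged users in a user namespace can reach newlink/changelink here, would help anyone triaging this for backports. Minor style point: the `Fixes:` line normally wraps the subject in parentheses, as in `Fixes: a985343ba906 ("vxlan: ...")`.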
--
2.13.2


2017-06-27 18:41:01

by David Miller

Subject: Re: [PATCH net-next] vxlan: fix incorrect nlattr access in MTU check

From: Matthias Schiffer <[email protected]>
Date: Tue, 27 Jun 2017 14:42:43 +0200

> The access to the wrong variable could lead to a NULL dereference and
> possibly other invalid memory reads in vxlan newlink/changelink requests
> with an IFLA_MTU attribute.
>
> Fixes: a985343ba906 "vxlan: refactor verification and application of configuration"
> Signed-off-by: Matthias Schiffer <[email protected]>

Applied, thanks.