On Fri, Apr 02, 2021 at 02:47:23PM +0300, Dan Carpenter wrote:
> The nla_len() is less than or equal to 16. If it's less than 16 then
> end of the "gid" buffer is uninitialized.
>
> Fixes: ae43f8286730 ("IB/core: Add IP to GID netlink offload")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
> I just spotted this in review. I think it's a bug but I'm not 100%.

I tend to agree with you, that it is a bug. LS_NLA_TYPE_DGID is declared
as NLA_BINARY which doesn't complain if data is less than the declared
".len". However, the fix needs to be in ib_nl_is_good_ip_resp(), it
shouldn't return "true" if the length is not equal to 16.

Thanks
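
The length-check gap discussed in this thread, as an added example that is not part of the original mail or the kernel source: a userspace C model of an upper-bound-only policy next to an exact-length check. `struct model_attr`, `binary_policy_ok()`, `exact_len_ok()` and `stale_tail_bytes()` are hypothetical names, the payload is constructed, and the 0xAA fill is an assumption standing in for uninitialized stack memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GID_LEN 16   /* size of the "gid" buffer discussed in the thread */
#define POISON  0xAA /* assumption: stands in for uninitialized stack bytes */

/* Hypothetical stand-in for a received attribute payload (not struct nlattr). */
struct model_attr { const uint8_t *data; size_t len; };

/* Constructed sample payload; contains no POISON bytes. */
static const uint8_t sample[GID_LEN] = {
    0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0x02, 0x11, 0x22, 0xff, 0xfe, 0x33, 0x44, 0x55
};

/* NLA_BINARY-style policy: ".len" is only an upper bound on the payload. */
static bool binary_policy_ok(const struct model_attr *a, size_t max_len)
{
    return a->len <= max_len;
}

/* The check asked for in the reply: a GID must be exactly 16 bytes. */
static bool exact_len_ok(const struct model_attr *a)
{
    return a->len == GID_LEN;
}

/* Copy the payload into a poisoned buffer; count bytes the copy never wrote. */
static size_t stale_tail_bytes(const struct model_attr *a)
{
    uint8_t gid[GID_LEN];
    size_t i, stale = 0;

    memset(gid, POISON, sizeof(gid));
    memcpy(gid, a->data, a->len); /* caller has checked len <= GID_LEN */
    for (i = 0; i < GID_LEN; i++)
        stale += (gid[i] == POISON);
    return stale;
}

int main(void)
{
    struct model_attr shortattr = { sample, 10 };

    printf("policy=%d exact=%d stale=%zu\n", binary_policy_ok(&shortattr, GID_LEN),
           exact_len_ok(&shortattr), stale_tail_bytes(&shortattr));
    return 0;
}
```

A 10-byte payload passes the upper-bound policy yet leaves 6 bytes of the buffer unwritten; only the exact-length check rejects it.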