On Thu, Nov 19, 2020 at 01:59:32AM -0800, Eric Dumazet wrote: > From: Eric Dumazet <edumazet@xxxxxxxxxx> > > syzbot found that we are not validating user input properly > before copying 16 bytes [1]. > > Using NLA_BINARY in ipaddr_policy[] for IPv6 address is not correct, > since it ensures at most 16 bytes were provided. > > We should instead make sure user provided exactly 16 bytes. > > In old kernels (before v4.20), fix would be to remove the NLA_BINARY, > since NLA_POLICY_EXACT_LEN() was not yet available. Applied, thanks.
