On Sun, Feb 25, 2024 at 11:58 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> syzbot reports:
>
> =====================================================
>
...
> After this update, kernel displays:
>
> netlink: 'x': attribute type 2 has an invalid length.
>
> in case that the attribute payload is too small and it reports -ERANGE
> to userspace.
>
> Fixes: ecaf75ffd5f5 ("netlink: introduce bigendian integer types")
> Reported-by: syzbot+3f497b07aa3baf2fb4d0@xxxxxxxxxxxxxxxxxxxxxxxxx
> Reported-by: xingwei lee <xrivendell7@xxxxxxxxx>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
> lib/nlattr.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/lib/nlattr.c b/lib/nlattr.c
> index ed2ab43e1b22..be9c576b6e2d 100644
> --- a/lib/nlattr.c
> +++ b/lib/nlattr.c
> @@ -30,6 +30,8 @@ static const u8 nla_attr_len[NLA_TYPE_MAX+1] = {
> [NLA_S16] = sizeof(s16),
> [NLA_S32] = sizeof(s32),
> [NLA_S64] = sizeof(s64),
> + [NLA_BE16] = sizeof(__be16),
> + [NLA_BE32] = sizeof(__be32),
> };
>
> static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = {
> @@ -43,6 +45,8 @@ static const u8 nla_attr_minlen[NLA_TYPE_MAX+1] = {
> [NLA_S16] = sizeof(s16),
> [NLA_S32] = sizeof(s32),
> [NLA_S64] = sizeof(s64),
> + [NLA_BE16] = sizeof(__be16),
> + [NLA_BE32] = sizeof(__be32),
> };
>
Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Thanks.
