Patch "net: tipc: resize nlattr array to correct size" has been added to the 4.14-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 18 Jun 2023 10:24:40 -0400

This is a note to let you know that I've just added the patch titled

    net: tipc: resize nlattr array to correct size

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-tipc-resize-nlattr-array-to-correct-size.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit dcbad9f7647497960e18ccde87bb07de8827fba5
Author: Lin Ma <linma@xxxxxxxxxx>
Date:   Wed Jun 14 20:06:04 2023 +0800

    net: tipc: resize nlattr array to correct size
    
    [ Upstream commit 44194cb1b6045dea33ae9a0d54fb7e7cd93a2e09 ]
    
    According to nla_parse_nested_deprecated(), the tb[] is supposed to the
    destination array with maxtype+1 elements. In current
    tipc_nl_media_get() and __tipc_nl_media_set(), a larger array is used
    which is unnecessary. This patch resize them to a proper size.
    
    Fixes: 1e55417d8fc6 ("tipc: add media set to new netlink api")
    Fixes: 46f15c6794fb ("tipc: add media get/dump to new netlink api")
    Signed-off-by: Lin Ma <linma@xxxxxxxxxx>
    Reviewed-by: Florian Westphal <fw@xxxxxxxxx>
    Reviewed-by: Tung Nguyen <tung.q.nguyen@xxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230614120604.1196377-1-linma@xxxxxxxxxx
    Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index c8001471da6c3..506cbd1b22235 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -1072,7 +1072,7 @@ int tipc_nl_media_get(struct sk_buff *skb, struct genl_info *info)
 	struct tipc_nl_msg msg;
 	struct tipc_media *media;
 	struct sk_buff *rep;
-	struct nlattr *attrs[TIPC_NLA_BEARER_MAX + 1];
+	struct nlattr *attrs[TIPC_NLA_MEDIA_MAX + 1];
 
 	if (!info->attrs[TIPC_NLA_MEDIA])
 		return -EINVAL;
@@ -1120,7 +1120,7 @@ int tipc_nl_media_set(struct sk_buff *skb, struct genl_info *info)
 	int err;
 	char *name;
 	struct tipc_media *m;
-	struct nlattr *attrs[TIPC_NLA_BEARER_MAX + 1];
+	struct nlattr *attrs[TIPC_NLA_MEDIA_MAX + 1];
 
 	if (!info->attrs[TIPC_NLA_MEDIA])
 		return -EINVAL;






