33 lines
1.2 KiB
Diff
33 lines
1.2 KiB
Diff
From 418962b6861c0f3459400b3ea43aa6e709612f49 Mon Sep 17 00:00:00 2001
|
|
From: Ilya Leoshkevich <iii@linux.ibm.com>
|
|
Date: Fri, 10 Feb 2023 01:12:01 +0100
|
|
Subject: [PATCH] libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
|
|
|
|
The code assumes that everything that comes after nlmsgerr are nlattrs.
|
|
When calculating their size, it does not account for the initial
|
|
nlmsghdr. This may lead to accessing uninitialized memory.
|
|
|
|
Fixes: bbf48c18ee0c ("libbpf: add error reporting in XDP")
|
|
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
|
|
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
|
|
Link: https://lore.kernel.org/bpf/20230210001210.395194-8-iii@linux.ibm.com
|
|
---
|
|
src/nlattr.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/nlattr.c b/src/nlattr.c
|
|
index 3900d05..975e265 100644
|
|
--- a/src/nlattr.c
|
|
+++ b/src/nlattr.c
|
|
@@ -178,7 +178,7 @@ int libbpf_nla_dump_errormsg(struct nlmsghdr *nlh)
|
|
hlen += nlmsg_len(&err->msg);
|
|
|
|
attr = (struct nlattr *) ((void *) err + hlen);
|
|
- alen = nlh->nlmsg_len - hlen;
|
|
+ alen = (void *)nlh + nlh->nlmsg_len - (void *)attr;
|
|
|
|
if (libbpf_nla_parse(tb, NLMSGERR_ATTR_MAX, attr, alen,
|
|
extack_policy) != 0) {
|
|
--
|
|
|