diff options
| author | Cong Wang <[email protected]> | 2020-01-22 15:42:02 -0800 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2020-01-23 21:34:42 +0100 |
| commit | 61678d28d4a45ef376f5d02a839cc37509ae9281 (patch) | |
| tree | f3a4b4805448da26fd0d43423a0ae0c2905e4d98 /include/linux/compiler_attributes.h | |
| parent | 42c9bdae2366072aa7c4d680c429fcdec22b44f2 (diff) | |
net_sched: fix datalen for ematch
syzbot reported an out-of-bound access in em_nbyte. As initially
analyzed by Eric, this is because em_nbyte sets its own em->datalen
in em_nbyte_change() other than the one specified by user, but this
value gets overwritten later by its caller tcf_em_validate().
We should leave em->datalen untouched to respect their choices.
I audit all the in-tree ematch users, all of those implement
->change() set em->datalen, so we can just avoid setting it twice
in this case.
Reported-and-tested-by: [email protected]
Reported-by: [email protected]
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: Eric Dumazet <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Reviewed-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'include/linux/compiler_attributes.h')
0 files changed, 0 insertions, 0 deletions