diff options
author | Philippe Schenker <philippe.schenker@toradex.com> | 2022-05-19 14:57:48 +0200 |
---|---|---|
committer | Philippe Schenker <philippe.schenker@toradex.com> | 2022-05-19 14:57:48 +0200 |
commit | 0e61b511dd8474280ba674590daa55f30433b7d4 (patch) | |
tree | 48c35f63dc1101d0d528b5d79c81849b99ca7c6d /net/netlink/af_netlink.c | |
parent | c4bda7fe18b3ff6898f8fa110a3d60ee8f4379a0 (diff) | |
parent | 01565c91b789a1612051e735a65f11096a6f08e8 (diff) |
Merge tag 'v5.4.193' into update-to-2.3.7__5.4-2.3.x-imx
This is the 5.4.193 stable release
Conflicts:
arch/arm64/boot/dts/freescale/fsl-ls1028a-qds.dts
drivers/edac/synopsys_edac.c
drivers/mmc/host/sdhci-esdhc-imx.c
drivers/mmc/host/sdhci.c
drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
sound/soc/codecs/msm8916-wcd-analog.c
Diffstat (limited to 'net/netlink/af_netlink.c')
-rw-r--r-- | net/netlink/af_netlink.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index cb35680db9b2..8aefc52542a0 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -148,6 +148,8 @@ static const struct rhashtable_params netlink_rhashtable_params; static inline u32 netlink_group_mask(u32 group) { + if (group > 32) + return 0; return group ? 1 << (group - 1) : 0; } @@ -1862,6 +1864,11 @@ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) if (msg->msg_flags&MSG_OOB) return -EOPNOTSUPP; + if (len == 0) { + pr_warn_once("Zero length message leads to an empty skb\n"); + return -ENODATA; + } + err = scm_send(sock, msg, &scm, true); if (err < 0) return err; @@ -2246,6 +2253,13 @@ static int netlink_dump(struct sock *sk) * single netdev. The outcome is MSG_TRUNC error. */ skb_reserve(skb, skb_tailroom(skb) - alloc_size); + + /* Make sure malicious BPF programs can not read unitialized memory + * from skb->head -> skb->data + */ + skb_reset_network_header(skb); + skb_reset_mac_header(skb); + netlink_skb_set_owner_r(skb, sk); if (nlk->dump_done_errno > 0) { |