git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	David Ahern <dsahern@kernel.org>
	Fri, 31 Dec 2021 00:36:31 +0000 (17:36 -0700)
committer	Andrea Righi <andrea.righi@canonical.com>
	Fri, 21 Jan 2022 14:49:24 +0000 (15:49 +0100)
commit	3911faf7c63801859987ab83b10f7bfe019ef82a
tree	41a81f3f382b9567bf08fcb029627481e285d6b9	tree
parent	73d72bc41843f80bce2eb95f354f102bd45f712f	commit \| diff

ipv4: Check attribute length for RTA_GATEWAY in multipath route

BugLink: https://bugs.launchpad.net/bugs/1957882
commit 7a3429bace0e08d94c39245631ea6bc109dafa49 upstream.

syzbot reported uninit-value:
============================================================
  BUG: KMSAN: uninit-value in fib_get_nhs+0xac4/0x1f80
  net/ipv4/fib_semantics.c:708
   fib_get_nhs+0xac4/0x1f80 net/ipv4/fib_semantics.c:708
   fib_create_info+0x2411/0x4870 net/ipv4/fib_semantics.c:1453
   fib_table_insert+0x45c/0x3a10 net/ipv4/fib_trie.c:1224
   inet_rtm_newroute+0x289/0x420 net/ipv4/fib_frontend.c:886

Add helper to validate RTA_GATEWAY length before using the attribute.

Fixes: 4e902c57417c ("[IPv4]: FIB configuration using struct fib_config")
Reported-by: syzbot+d4b9a2851cc3ce998741@syzkaller.appspotmail.com
Signed-off-by: David Ahern <dsahern@kernel.org>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Paolo Pisati <p.pisati@gmail.com>