diff options
| author |   Eelco Chaudron <echaudro@redhat.com> | 2025-05-12 10:08:24 +0200 |
|---|---|---|
| committer |   Jakub Kicinski <kuba@kernel.org> | 2025-05-14 19:13:34 -0700 |
| commit | 88906f55954131ed2d3974e044b7fb48129b86ae (patch) | |
| tree | 75e21063a7332ec309de95b6b8c8984765fd2e27 | |
| parent | net: phy: remove Kconfig symbol MDIO_DEVRES (diff) | |
| download | wireguard-linux-88906f55954131ed2d3974e044b7fb48129b86ae.tar.xz wireguard-linux-88906f55954131ed2d3974e044b7fb48129b86ae.zip | |
openvswitch: Stricter validation for the userspace action
This change enhances the robustness of validate_userspace() by ensuring
that all Netlink attributes are fully contained within the parent
attribute. The previous use of nla_parse_nested_deprecated() could
silently skip trailing or malformed attributes, as it stops parsing at
the first invalid entry.
By switching to nla_parse_deprecated_strict(), we make sure only fully
validated attributes are copied for later use.
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Acked-by: Ilya Maximets <i.maximets@ovn.org>
Link: https://patch.msgid.link/67eb414e2d250e8408bb8afeb982deca2ff2b10b.1747037304.git.echaudro@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
| -rw-r--r-- | net/openvswitch/flow_netlink.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c index 518be23e48ea..ad64bb9ab5e2 100644 --- a/net/openvswitch/flow_netlink.c +++ b/net/openvswitch/flow_netlink.c @@ -3049,7 +3049,8 @@ static int validate_userspace(const struct nlattr *attr) struct nlattr *a[OVS_USERSPACE_ATTR_MAX + 1]; int error; - error = nla_parse_nested_deprecated(a, OVS_USERSPACE_ATTR_MAX, attr, + error = nla_parse_deprecated_strict(a, OVS_USERSPACE_ATTR_MAX, + nla_data(attr), nla_len(attr), userspace_policy, NULL); if (error) return error; |