[net v3] netlabel: validate unlabeled address and mask attribute lengths
patchwork-bot+netdevbpf at kernel.org
patchwork-bot+netdevbpf at kernel.org
Sat Jun 6 02:10:05 UTC 2026
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba at kernel.org>:
On Wed, 3 Jun 2026 09:13:53 +0800 you wrote:
> netlbl_unlabel_addrinfo_get() used the address attribute length to
> determine whether the attribute data could be read as an IPv4 or IPv6
> address, but did not independently validate the corresponding mask
> attribute length. A crafted Generic Netlink request could therefore
> provide a valid IPv4/IPv6 address attribute with a shorter mask
> attribute, which would later be read as a full struct in_addr or
> struct in6_addr.
>
> [...]
Here is the summary with links:
- [net,v3] netlabel: validate unlabeled address and mask attribute lengths
https://git.kernel.org/netdev/net/c/9772589b57e4
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
More information about the Linux-security-module-archive
mailing list