[net-next] netlabel: validate unlabeled mask attribute length

Paolo Abeni pabeni at redhat.com
Tue May 26 10:35:59 UTC 2026


On 5/22/26 7:45 AM, Chenguang Zhao wrote:
> netlbl_unlabel_addrinfo_get() checked the address length
> but allowed shorter mask attributes to pass through to
> fixed-size address reads.
> 
> Signed-off-by: Chenguang Zhao <zhaochenguang at kylinos.cn>
> ---
>  netlbl_unlabel_addrinfo_get() only rejected a mask
>  length mismatch when the address attribute length
>  was also invalid.  A crafted Generic Netlink request
>  could therefore provide a valid IPv4/IPv6 address
>  attribute with a shorter mask attribute.
>  
>  NLA_BINARY policy lengths are maximum lengths,
>  not exact lengths, so the short mask can pass
>  policy validation.  The mask is later read as
>  a full struct in_addr or struct in6_addr.
>  Require both address and mask attributes to
>  have the exact expected size.

The above should be part of the commit message. Also this looks like a
fix that should target the 'net' tree and include a 'Fixes:' tag.

Thanks,

Paolo
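The length-check problem the description above refers to, as an added illustration that is not code from the patch or from the kernel: a hand-built netlink-style attribute stream is parsed, then passed through the old form of the check (a mask mismatch rejected only when the address length is also wrong) and the fixed form (both exact). The attribute type values and the names nla_hdr, put_attr, parse_attrs, check_ipv4 and verdict are hypothetical stand-ins for the kernel's nlattr handling.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <netinet/in.h>

/* Netlink attribute header (total length incl. header, type), 4-byte aligned. */
struct nla_hdr { uint16_t nla_len; uint16_t nla_type; };
#define NLA_ALIGN(n) (((n) + 3) & ~(size_t)3)
#define NLA_HDRLEN   ((size_t)NLA_ALIGN(sizeof(struct nla_hdr)))
enum { ATTR_IPV4ADDR = 1, ATTR_IPV4MASK = 2, ATTR_MAX = 2 }; /* hypothetical types */

/* Append one attribute to buf; returns the aligned number of bytes consumed. */
static size_t put_attr(uint8_t *buf, uint16_t type, const void *p, size_t plen)
{
    struct nla_hdr h = { (uint16_t)(NLA_HDRLEN + plen), type };
    memcpy(buf, &h, sizeof h);
    memcpy(buf + NLA_HDRLEN, p, plen);
    return NLA_ALIGN(NLA_HDRLEN + plen);
}

/* Walk a flat attribute stream; len[type] gets each known type's payload length. */
static void parse_attrs(const uint8_t *buf, size_t buflen, size_t *len)
{
    for (size_t off = 0; off + sizeof(struct nla_hdr) <= buflen;) {
        struct nla_hdr h; memcpy(&h, buf + off, sizeof h);
        if (h.nla_len < NLA_HDRLEN || off + h.nla_len > buflen) break;
        if (h.nla_type >= 1 && h.nla_type <= ATTR_MAX)
            len[h.nla_type] = h.nla_len - NLA_HDRLEN;
        off += NLA_ALIGN(h.nla_len);
    }
}

/* strict = 0: mask mismatch rejected only when the address is also bad; strict = 1: both exact. */
static int check_ipv4(const size_t *len, int strict)
{
    int addr_bad = len[ATTR_IPV4ADDR] != sizeof(struct in_addr);
    int mask_bad = len[ATTR_IPV4MASK] != sizeof(struct in_addr);
    return (strict ? addr_bad || mask_bad : addr_bad && mask_bad) ? -EINVAL : 0;
}

/* Constructed request: valid 4-byte address plus a mask_len-byte mask.  A 2-byte mask
 * passes an NLA_BINARY maximum-length policy but is shorter than struct in_addr. */
int verdict(size_t mask_len, int strict)
{
    uint8_t req[32], addr[4] = {192, 0, 2, 1}, mask[4] = {255, 255, 255, 0};
    size_t len[ATTR_MAX + 1] = {0}, n = put_attr(req, ATTR_IPV4ADDR, addr, sizeof addr);
    n += put_attr(req + n, ATTR_IPV4MASK, mask, mask_len);
    parse_attrs(req, n, len);
    return check_ipv4(len, strict);
}
```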




More information about the Linux-security-module-archive mailing list