From: Johannes Berg <johannes.b...@intel.com>
In the policy export for binary attributes I erroneously used
a != NLA_VALIDATE_NONE comparison instead of checking for the
two possible values, which meant that if a validation function
pointer ended up aliasing the min/max as negatives, we'd hit
a warning in nla_get_range_unsigned().
Fix this to correctly check for only the two types that should
be handled here, i.e. range with or without warn-too-long.
Reported-by: syzbot+353df1490da781637...@syzkaller.appspotmail.com
Fixes: 8aa26c575fb3 ("netlink: make NLA_BINARY validation more flexible")
Signed-off-by: Johannes Berg <johannes.b...@intel.com>
---
net/netlink/policy.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/netlink/policy.c b/net/netlink/policy.c
index 7b1f50531cd3..5c9e7530865f 100644
--- a/net/netlink/policy.c
+++ b/net/netlink/policy.c
@@ -264,7 +264,8 @@ int netlink_policy_dump_write(struct sk_buff *skb, unsigned
long _state)
else
type = NL_ATTR_TYPE_BINARY;
- if (pt->validation_type != NLA_VALIDATE_NONE) {
+ if (pt->validation_type == NLA_VALIDATE_RANGE ||
+ pt->validation_type == NLA_VALIDATE_RANGE_WARN_TOO_LONG) {
struct netlink_range_validation range;
nla_get_range_unsigned(pt, &range);
--
2.26.2
