openvswitch: Fix condition check by using nla_ok()

Message ID	1631756603-3706451-1-git-send-email-jiasheng@iscas.ac.cn
State	New
Headers	show Return-Path: <netdev-owner@kernel.org> From: Jiasheng Jiang <jiasheng@iscas.ac.cn> To: pshelar@ovn.org, davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, dev@openvswitch.org, linux-kernel@vger.kernel.org, Jiasheng Jiang <jiasheng@iscas.ac.cn> Subject: [PATCH] openvswitch: Fix condition check by using nla_ok() Date: Thu, 16 Sep 2021 01:43:23 +0000 Message-Id: <1631756603-3706451-1-git-send-email-jiasheng@iscas.ac.cn> Precedence: bulk
Series	openvswitch: Fix condition check by using nla_ok() \| expand openvswitch: Fix condition check by using nla_ok()

Message ID

1631756603-3706451-1-git-send-email-jiasheng@iscas.ac.cn

State

New

Headers

From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
To: pshelar@ovn.org, davem@davemloft.net, kuba@kernel.org
Cc: netdev@vger.kernel.org, dev@openvswitch.org,
	linux-kernel@vger.kernel.org, Jiasheng Jiang <jiasheng@iscas.ac.cn>
Subject: [PATCH] openvswitch: Fix condition check by using nla_ok()
Date: Thu, 16 Sep 2021 01:43:23 +0000
Message-Id: <1631756603-3706451-1-git-send-email-jiasheng@iscas.ac.cn>
Precedence: bulk

Series

openvswitch: Fix condition check by using nla_ok() | expand

Commit Message

Jiasheng Jiang Sept. 16, 2021, 1:43 a.m. UTC

Just using 'rem > 0' might be unsafe, so it's better
to use the nla_ok() instead.
Because we can see from the nla_next() that
'*remaining' might be smaller than 'totlen'. And nla_ok()
will avoid it happening.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
---
 net/openvswitch/actions.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index 77d924a..116e38a 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -1238,7 +1238,7 @@  static int do_execute_actions(struct datapath *dp, struct sk_buff *skb,
 	const struct nlattr *a;
 	int rem;
 
-	for (a = attr, rem = len; rem > 0;
+	for (a = attr, rem = len; nla_ok(a, rem);
 	     a = nla_next(a, &rem)) {
 		int err = 0;

openvswitch: Fix condition check by using nla_ok()

Commit Message

Patch