git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
Fixes for 4.9
author Sasha Levin <sashal@kernel.org>
Fri, 10 Jun 2022 13:00:58 +0000 (09:00 -0400)
committer Sasha Levin <sashal@kernel.org>
Fri, 10 Jun 2022 13:00:58 +0000 (09:00 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
queue-4.9/net-fix-nla_strcmp-to-handle-more-then-one-trailing-.patch [new file with mode: 0644]
queue-4.9/series

diff --git a/queue-4.9/net-fix-nla_strcmp-to-handle-more-then-one-trailing-.patch b/queue-4.9/net-fix-nla_strcmp-to-handle-more-then-one-trailing-.patch
new file mode 100644 (file)
index 0000000..5da7635
--- /dev/null
@@ -0,0 +1,52 @@
+From ddb90a54268bc294c6b14ba861d5681e80e57a82 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 5 May 2021 09:58:31 -0700
+Subject: net: fix nla_strcmp to handle more then one trailing null character
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Maciej Żenczykowski <maze@google.com>
+
+[ Upstream commit 2c16db6c92b0ee4aa61e88366df82169e83c3f7e ]
+
+Android userspace has been using TCA_KIND with a char[IFNAMESIZ]
+many-null-terminated buffer containing the string 'bpf'.
+
+This works on 4.19 and ceases to work on 5.10.
+
+I'm not entirely sure what fixes tag to use, but I think the issue
+was likely introduced in the below mentioned 5.4 commit.
+
+Reported-by: Nucca Chen <nuccachen@google.com>
+Cc: Cong Wang <xiyou.wangcong@gmail.com>
+Cc: David Ahern <dsahern@gmail.com>
+Cc: David S. Miller <davem@davemloft.net>
+Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
+Cc: Jamal Hadi Salim <jhs@mojatatu.com>
+Cc: Jiri Pirko <jiri@mellanox.com>
+Cc: Jiri Pirko <jiri@resnulli.us>
+Fixes: 62794fc4fbf5 ("net_sched: add max len check for TCA_KIND")
+Change-Id: I66dc281f165a2858fc29a44869a270a2d698a82b
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ lib/nlattr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/nlattr.c b/lib/nlattr.c
+index fce1e9afc6d9..ea27e1d069b1 100644
+--- a/lib/nlattr.c
++++ b/lib/nlattr.c
+@@ -316,7 +316,7 @@ int nla_strcmp(const struct nlattr *nla, const char *str)
+       int attrlen = nla_len(nla);
+       int d;
+-      if (attrlen > 0 && buf[attrlen - 1] == '\0')
++      while (attrlen > 0 && buf[attrlen - 1] == '\0')
+               attrlen--;
+       d = attrlen - len;
+-- 
+2.35.1
+
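Review bot: The Fixes: tag in the embedded commit message points at 62794fc4fbf5, which the message itself describes as a 5.4 commit, and the reported behaviour is "works on 4.19 and ceases to work on 5.10", so please confirm that the 4.9 tree actually carries that TCA_KIND length check before queuing this here, and say so in the queue entry if it is being taken only for consistency with newer branches. On the code change in nla_strcmp, the new `while (attrlen > 0 && buf[attrlen - 1] == '\0')` stays bounded by the `attrlen > 0` guard, so an all-NUL attribute stops at length 0 without reading before buf, but it also means any number of trailing NULs now compares equal to the unpadded string; callers that use nla_strcmp as an exact match on attribute contents should be checked against that relaxed behaviour.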
index fd4565128abbc52b0b72a5ba16766f2c25d1d6e2..8edbb6168b393e0af0a9b84939696e2a1ae6b20a 100644 (file)
@@ -130,3 +130,4 @@ i2c-cadence-increase-timeout-per-message-if-necessar.patch
 m68knommu-set-zero_page-to-the-allocated-zeroed-page.patch
 m68knommu-fix-undefined-reference-to-_init_sp.patch
 video-fbdev-pxa3xx-gcu-release-the-resources-correct.patch
+net-fix-nla_strcmp-to-handle-more-then-one-trailing-.patch