git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Ido Schimmel <idosch@nvidia.com>
	Wed, 4 Jun 2025 11:32:52 +0000 (14:32 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 27 Jun 2025 10:05:18 +0000 (11:05 +0100)
commit	668923c474608dd9ebce0fbcc41bd8a27aa73dd6
tree	a1914a3350bc43263bc78851f00b52bb07d36f6a	tree
parent	18e65229a328304a7ef59899a30fd34ad73ed56b	commit \| diff

seg6: Fix validation of nexthop addresses

[ Upstream commit 7632fedb266d93ed0ed9f487133e6c6314a9b2d1 ]

The kernel currently validates that the length of the provided nexthop
address does not exceed the specified length. This can lead to the
kernel reading uninitialized memory if user space provided a shorter
length than the specified one.

Fix by validating that the provided length exactly matches the specified
one.

Fixes: d1df6fd8a1d2 ("ipv6: sr: define core operations for seg6local lightweight tunnel")
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20250604113252.371528-1-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>