git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Ido Schimmel <idosch@nvidia.com>
	Wed, 4 Jun 2025 11:32:52 +0000 (14:32 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 27 Jun 2025 10:07:18 +0000 (11:07 +0100)
commit	cef33a86bcb04ecf4dc10c56f6c42ee9d1c54bac
tree	8d760a8eb6bc009ce5e15ea49ea940b8dce8542c	tree
parent	fb978675ccfd4a93549e49624127d8332cc61cbf	commit \| diff

seg6: Fix validation of nexthop addresses

[ Upstream commit 7632fedb266d93ed0ed9f487133e6c6314a9b2d1 ]

The kernel currently validates that the length of the provided nexthop
address does not exceed the specified length. This can lead to the
kernel reading uninitialized memory if user space provided a shorter
length than the specified one.

Fix by validating that the provided length exactly matches the specified
one.

Fixes: d1df6fd8a1d2 ("ipv6: sr: define core operations for seg6local lightweight tunnel")
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20250604113252.371528-1-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>