netfilter: nft_meta_bridge: fix NFT_META_BRI_IIFPVID stack leak
authorFlorian Westphal <fw@strlen.de>
Thu, 18 Jun 2026 22:34:49 +0000 (00:34 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sat, 20 Jun 2026 22:18:37 +0000 (00:18 +0200)
This needs to test for nonzero retval.

Fixes: c54c7c685494 ("netfilter: nft_meta_bridge: add NFT_META_BRI_IIFPVID support")
Closes: https://sashiko.dev/#/patchset/20260618061631.21919-1-fw%40strlen.de
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/bridge/netfilter/nft_meta_bridge.c

index 3d95f68e0906abf5cc83dddad274ddfd54ff8179..e4c9aa1f64e25f10f7d006163d010ff78bbde6e6 100644 (file)
@@ -44,7 +44,9 @@ static void nft_meta_bridge_get_eval(const struct nft_expr *expr,
                if (!br_dev || !br_vlan_enabled(br_dev))
                        goto err;
 
-               br_vlan_get_pvid_rcu(in, &p_pvid);
+               if (br_vlan_get_pvid_rcu(in, &p_pvid))
+                       goto err;
+
                nft_reg_store16(dest, p_pvid);
                return;
        }
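Review bot: The new check on `br_vlan_get_pvid_rcu()` has no comment explaining why a failed lookup must not reach `nft_reg_store16(dest, p_pvid)`, and the commit message is just as terse. Going by the subject line, `p_pvid` is a stack variable that the helper leaves unwritten on failure, so storing it would copy uninitialised kernel stack into an nft register; its declaration is outside the hunk, so this is inferred. I would add above the `if`: `/* p_pvid is only valid when the lookup succeeds; never store it otherwise */`. The body of `nft_meta_bridge_get_eval` starts and ends outside the hunk, so confirm there that the `err` label leaves `dest` unwritten and that no other case stores an out-parameter without checking the helper's return value.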