From: Florian Westphal <fw@strlen.de>
Date: Thu, 18 Jun 2026 22:34:49 +0000 (+0200)
Subject: netfilter: nft_meta_bridge: fix NFT_META_BRI_IIFPVID stack leak
X-Git-Tag: v7.2-rc1~29^2~63^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=27dd2997746d54ebc079bb13161cc1bdd401d4a6;p=thirdparty%2Flinux.git

netfilter: nft_meta_bridge: fix NFT_META_BRI_IIFPVID stack leak

This needs to test for nonzero retval.

Fixes: c54c7c685494 ("netfilter: nft_meta_bridge: add NFT_META_BRI_IIFPVID support")
Closes: https://sashiko.dev/#/patchset/20260618061631.21919-1-fw%40strlen.de
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/bridge/netfilter/nft_meta_bridge.c b/net/bridge/netfilter/nft_meta_bridge.c
index 3d95f68e0906a..e4c9aa1f64e25 100644
--- a/net/bridge/netfilter/nft_meta_bridge.c
+++ b/net/bridge/netfilter/nft_meta_bridge.c
@@ -44,7 +44,9 @@ static void nft_meta_bridge_get_eval(const struct nft_expr *expr,
 		if (!br_dev || !br_vlan_enabled(br_dev))
 			goto err;
 
-		br_vlan_get_pvid_rcu(in, &p_pvid);
+		if (br_vlan_get_pvid_rcu(in, &p_pvid))
+			goto err;
+
 		nft_reg_store16(dest, p_pvid);
 		return;
 	}