From: Jakub Kicinski Date: Tue, 16 Jun 2026 00:30:46 +0000 (-0700) Subject: net: psample: fix info leak in PSAMPLE_ATTR_DATA X-Git-Tag: v7.2-rc1~29^2~105 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aedd02af1f8b0bceb7f42f5a21c41634ca9ed390;p=thirdparty%2Flinux.git net: psample: fix info leak in PSAMPLE_ATTR_DATA psample open codes nla_put() presumably to avoid wiping the data with 0s just to override it with packet data. This open coding is missing clearing the pad, however, each netlink attr is padded to 4B and data_len may not be divisible by 4B. Fixes: 6ae0a6286171 ("net: Introduce psample, a new genetlink channel for packet sampling") Reported-by: Weiming Shi Reviewed-by: Jiri Pirko Link: https://patch.msgid.link/20260616003046.1099490-1-kuba@kernel.org Signed-off-by: Jakub Kicinski --- diff --git a/net/psample/psample.c b/net/psample/psample.c index 7763662036fb7..c112e1f0ccacb 100644 --- a/net/psample/psample.c +++ b/net/psample/psample.c @@ -476,15 +476,17 @@ void psample_sample_packet(struct psample_group *group, goto error; if (data_len) { - int nla_len = nla_total_size(data_len); + int nla_len = nla_attr_size(data_len); struct nlattr *nla; nla = skb_put(nl_skb, nla_len); nla->nla_type = PSAMPLE_ATTR_DATA; - nla->nla_len = nla_attr_size(data_len); + nla->nla_len = nla_len; if (skb_copy_bits(skb, 0, nla_data(nla), data_len)) goto error; + + skb_put_zero(nl_skb, nla_padlen(data_len)); } #ifdef CONFIG_INET