superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net/bridge
History
Eric Dumazet bdd39576bf net: bridge: prevent too big nested attributes in br_fill_linkxstats() 
After commit ff205bf8c554 ("netlink: add one debug check in nla_nest_end()")
syzbot found that br_fill_linkxstats() can send corrupted netlink packets.

Make sure the nested attribute size is bounded.

Fixes: a60c090361 ("bridge: netlink: export per-vlan stats")
Reported-by: syzbot+a35f9259d08f907c06e6@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/6a0b0da3.050a0220.175f0c.0000.GAE@google.com/
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://patch.msgid.link/20260520114207.1394241-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2026-05-21 08:47:36 -07:00
..
netfilter netfilter: bridge: eb_tables: close module init race 2026-05-08 01:30:17 +02:00
Kconfig ipv6: convert CONFIG_IPV6 to built-in only and clean up Kconfigs 2026-03-29 11:21:22 -07:00
Makefile net: bridge: mst: Multiple Spanning Tree (MST) mode 2022-03-17 16:49:57 -07:00
br.c net: remove unused ATM protocols and legacy ATM device drivers 2026-04-23 12:21:14 -07:00
br_arp_nd_proxy.c net: bridge: use a stable FDB dst snapshot in RCU readers 2026-04-16 12:47:41 +02:00
br_cfm.c bridge: cfm: Fix race condition in peer_mep deletion 2026-03-12 18:33:52 -07:00
br_cfm_netlink.c bridge: cfm: fix enum typo in br_cc_ccm_tx_parse 2023-12-26 22:38:13 +00:00
br_device.c net: bridge: add stp_mode attribute for STP mode selection 2026-04-10 15:52:24 -07:00
br_fdb.c Delete some obsolete networking code 2026-04-24 09:41:58 -07:00
br_forward.c net: bridge: fix use-after-free due to MST port state bypass 2025-11-06 07:32:17 -08:00
br_if.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
br_input.c net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled 2026-03-05 07:52:56 -08:00
br_ioctl.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
br_mdb.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
br_mrp.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
br_mrp_netlink.c bridge: mrp: reject zero test interval to avoid OOM panic 2026-03-31 16:11:24 +02:00
br_mrp_switchdev.c bridge: mrp: Extend br_mrp_switchdev to detect better the errors 2021-02-16 14:47:46 -08:00
br_mst.c net: bridge: fix MST static key usage 2025-11-06 07:32:17 -08:00
br_multicast.c bridge: mcast: Fix a possible use-after-free when removing a bridge port 2026-05-19 18:15:22 -07:00
br_multicast_eht.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
br_netfilter_hooks.c netfilter: br_netfilter: Reallocate headroom if necessary in neigh_hh_bridge() 2026-05-16 13:22:50 +02:00
br_netfilter_ipv6.c netfilter: remove nf_ipv6_ops and use direct function calls 2026-03-29 11:21:24 -07:00
br_netlink.c net: bridge: prevent too big nested attributes in br_fill_linkxstats() 2026-05-21 08:47:36 -07:00
br_netlink_tunnel.c net: bridge: fix an inconsistent indentation 2024-06-05 10:04:47 +01:00
br_nf_core.c bridge: netfilter: Fix forwarding of fragmented packets 2025-05-16 16:02:06 -07:00
br_private.h net: remove unused ATM protocols and legacy ATM device drivers 2026-04-23 12:21:14 -07:00
br_private_cfm.h
br_private_mcast_eht.h net: bridge: multicast: use multicast contexts instead of bridge or port 2021-07-20 05:41:19 -07:00
br_private_mrp.h net: bridge: mrp: Update the Test frames for MRA 2021-06-28 15:46:10 -07:00
br_private_stp.h
br_private_tunnel.h bridge: always declare tunnel functions 2023-05-17 21:28:58 -07:00
br_stp.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
br_stp_bpdu.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
br_stp_if.c net: bridge: add stp_mode attribute for STP mode selection 2026-04-10 15:52:24 -07:00
br_stp_timer.c treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
br_switchdev.c bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign 2026-03-19 13:14:00 +01:00
br_sysfs_br.c mm.git review status for linus..mm-nonmm-stable 2026-02-12 12:13:01 -08:00
br_sysfs_if.c net: bridge: use sysfs_emit instead of sprintf 2026-02-03 19:19:42 -08:00
br_vlan.c bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign 2026-03-19 13:14:00 +01:00
br_vlan_options.c bridge: Check relevant per-VLAN options in VLAN range grouping 2026-02-26 19:24:29 -08:00
br_vlan_tunnel.c bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress 2026-01-04 09:45:35 -08:00