tcp_metrics: validate source addr length

Guillaume Nault · Guillaume Nault · commit a6299da0a8d4 · 2024-08-07T14:24:46.000+02:00
JIRA: https://issues.redhat.com/browse/RHEL-52031 Upstream Status: linux.git CVE: CVE-2024-42154 commit 66be40e Author: Jakub Kicinski <kuba@kernel.org> Date: Thu Jun 27 14:25:00 2024 -0700 tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated). Reviewed-by: Eric Dumazet <edumazet@google.com> Fixes: 3e7013d ("tcp: metrics: Allow selective get/del of tcp-metrics based on src IP") Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Guillaume Nault <gnault@redhat.com>
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
@@ -601,6 +601,7 @@ static const struct nla_policy tcp_metrics_nl_policy[TCP_METRICS_ATTR_MAX + 1] =
 	[TCP_METRICS_ATTR_ADDR_IPV4]	= { .type = NLA_U32, },
 	[TCP_METRICS_ATTR_ADDR_IPV6]	= { .type = NLA_BINARY,
 					    .len = sizeof(struct in6_addr), },
+	[TCP_METRICS_ATTR_SADDR_IPV4]	= { .type = NLA_U32, },
 	/* Following attributes are not received for GET/DEL,
 	 * we keep them for reference
 	 */
