tcp_metrics: validate source addr length

PlaidCat · PlaidCat · commit e497996cef9e · 2025-06-06T13:31:01.000-04:00
jira LE-3201 cve CVE-2024-42154 Rebuild_History Non-Buildable kernel-rt-4.18.0-553.22.1.rt7.363.el8_10 commit-author Jakub Kicinski <kuba@kernel.org> commit 66be40e I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated). Reviewed-by: Eric Dumazet <edumazet@google.com> Fixes: 3e7013d ("tcp: metrics: Allow selective get/del of tcp-metrics based on src IP") Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 66be40e) Signed-off-by: Jonathan Maple <jmaple@ciq.com>
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
@@ -596,6 +596,7 @@ static const struct nla_policy tcp_metrics_nl_policy[TCP_METRICS_ATTR_MAX + 1] =
 	[TCP_METRICS_ATTR_ADDR_IPV4]	= { .type = NLA_U32, },
 	[TCP_METRICS_ATTR_ADDR_IPV6]	= { .type = NLA_BINARY,
 					    .len = sizeof(struct in6_addr), },
+	[TCP_METRICS_ATTR_SADDR_IPV4]	= { .type = NLA_U32, },
 	/* Following attributes are not received for GET/DEL,
 	 * we keep them for reference
 	 */
