netlink: Fully clear parser state between messages
ClosedPublic
Actions

Authored by des on Jul 30 2025, 1:36 PM.

Details

Reviewers

glebius
melifaro

Commits

rG627831eba3de: netlink: Fully clear parser state between messages
rGf318186deb3e: netlink: Fully clear parser state between messages
rGa8d90e32133b: netlink: Fully clear parser state between messages

Summary

Failing to reset the cookie between messages can lead to an attempt
to interpret a zeroed buffer as a struct nlattr, causing a length
calculation to underflow, resulting in a memcpy() call where the
length exceeds the actual size of the buffer.

MFC after: 1 week
PR: 283797

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 65846
Build 62729: arc lint + arc unit

Event Timeline

des created this revision.Jul 30 2025, 1:36 PM

Herald added a subscriber: imp. · View Herald TranscriptJul 30 2025, 1:36 PM

des requested review of this revision.Jul 30 2025, 1:36 PM

Harbormaster completed remote builds in B65846: Diff 159443.Jul 30 2025, 1:36 PM

Thanks Robert for another quality submission. Thanks Dag-Erling for handling.

This revision is now accepted and ready to land.Jul 30 2025, 6:30 PM

Closed by commit rGa8d90e32133b: netlink: Fully clear parser state between messages (authored by des). · Explain WhyJul 31 2025, 10:07 AM

This revision was automatically updated to reflect the committed changes.

des added a commit: rGa8d90e32133b: netlink: Fully clear parser state between messages.

des added a commit: rGf318186deb3e: netlink: Fully clear parser state between messages.Aug 6 2025, 3:32 PM

des added a commit: rG627831eba3de: netlink: Fully clear parser state between messages.

Revision Contents
Changeset List

Path

Size

sys/

netlink/

netlink_io.c

1 line

Diff 159443

View Options

netlink: Fully clear parser state between messagesClosedPublicActions