From nobody Wed May 20 14:29:40 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gLDT12Wlbz6dsrT for ; Wed, 20 May 2026 14:29:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gLDT0738Qz3Zf4 for ; Wed, 20 May 2026 14:29:40 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779287381; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ak7Na0A8ic9uxR6JH1tPmUOXRkjlMOmavP7INiQHx2c=; b=f4QlwCa0Im5VajTZ7SDuRzIOPX2vaGykjgMczZodWGCHacCxq4PKNPxBm+zzB+Ivn/Qg0C 1alxyTroioBCQKOYqCWMvFDZwGcMDtT3XMg1t7av6RTFaCSoSdy9d62VJIzBlTPxZoXE2D Jc1i6SiJeXj725/uuifafI9FAA1x88X5unORyP2rTum8K9l2WfIVo+uii8KKY8+drSKBAw ZLgOOqvF30H3Y3iy3nJEPe7WClDr/B5y/YaHkYi2SPfcXdjxETGUlo40yUFOojZEja7TI3 2OLbErmlaOUgTfBzxr/7Q/gJ2HvAnSxcwKkTcE+KnKc1aFi9WNNv5GfFu0os8A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1779287381; a=rsa-sha256; cv=none; b=dTelnTZnEGa7jjSQWTjGbXb4p1GBn0AxsuM6vis8RLL8xB3abyjufTMKBaOIc2G1P2nrWS GjkGjESuNx8B3nwnc1VMBT+3kCZ8jp8OtVslNb+orz0BZG96I1eDASgpgLLLWQjEa+c562 UKibuMYlFNkUm2USqypZIdw/Ickq7iM7sq36WJtb9JgzP7RsOFu3zXU0/L0O4S8R1Oux7M cVmXpRNzAmu3dij5SGZgeAVqlnl5XD14UZBxYgwMO1/a05xPkAiBi7P7cfm8bX69SLAKrP /241xkpNj5IlcrIhGqIWQS4CjpQ1bmViDF2mArDZkTZkVk+M0r295jHPeT063A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779287381; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ak7Na0A8ic9uxR6JH1tPmUOXRkjlMOmavP7INiQHx2c=; b=JPJdeRrAcbrgUg4/kaibGcMdnSRRur+Ns7sqSSROcog06I7WoLXp0a9kz6OrnpqQECAWfp 3onIc4wbtZ04m+00PMpJp2QtSnWIWR3hH0Xn5M1rHZnqity7SsoySu+Pqp83V2CmFfRzmw CgGhoO+7dqC7RXkSIJqAzpH6TrA4k9nK7HDXju8RsiFOxAwkueGkLtvqlB/yV4AfqFMj4t P9ukk5dKfp5DZuV45VDJyf+YJ84pHWrrameh1wghWBUeLhXtLT79UYa5ByAY5dsAusfz/t ItK+EVZDtX5ixNh+DhKCaGVZdlyI1hwJKY8waEYWsnvDCqxF4X0MPdkY4s1NXQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gLDT068mjz14lV for ; Wed, 20 May 2026 14:29:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3cf56 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 20 May 2026 14:29:40 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Gleb Smirnoff Subject: git: e924a2c80b9e - main - netlink: fix unsigned overflow on a truncated message List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e924a2c80b9e1ace68d8ca0ffdacec65feec90a3 Auto-Submitted: auto-generated Date: Wed, 20 May 2026 14:29:40 +0000 Message-Id: <6a0dc554.3cf56.4d406b96@gitrepo.freebsd.org> The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=e924a2c80b9e1ace68d8ca0ffdacec65feec90a3 commit e924a2c80b9e1ace68d8ca0ffdacec65feec90a3 Author: Gleb Smirnoff AuthorDate: 2026-05-20 14:27:52 +0000 Commit: Gleb Smirnoff CommitDate: 2026-05-20 14:27:52 +0000 netlink: fix unsigned overflow on a truncated message PR: 295106 Submitted by: Robert Morris Reviewed by: pouria, melifaro Differential Revision: https://reviews.freebsd.org/D56916 --- sys/netlink/netlink_message_parser.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/netlink/netlink_message_parser.h b/sys/netlink/netlink_message_parser.h index 8f61091c4a7f..c747f301059c 100644 --- a/sys/netlink/netlink_message_parser.h +++ b/sys/netlink/netlink_message_parser.h @@ -315,6 +315,12 @@ static inline void nl_get_attrs_bmask_nlmsg(struct nlmsghdr *hdr, const struct nlhdr_parser *parser, struct nlattr_bmask *bm) { + if (__predict_false(hdr->nlmsg_len - sizeof(struct nlmsghdr) < + parser->nl_hdr_off)) { + /* Doesn't make sense to call nl_alloc_compat_hdr() here. */ + BIT_ZERO(NL_ATTR_BMASK_SIZE, bm); + return; + } nl_get_attrs_bmask_raw( (struct nlattr *)((char *)(hdr + 1) + parser->nl_hdr_off), hdr->nlmsg_len - sizeof(*hdr) - parser->nl_hdr_off, bm);