[Bridge] [patch v2] bridge: make buffer larger in br_setlink()
Dan Carpenter
dan.carpenter at oracle.com
Fri Dec 7 11:10:46 UTC 2012
We pass IFLA_BRPORT_MAX to nla_parse_nested() so we need
IFLA_BRPORT_MAX + 1 elements. Also Smatch complains that we read past
the end of the array when in br_set_port_flag() when it's called with
IFLA_BRPORT_FAST_LEAVE.
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
---
v2: Style tweak.
Only needed in linux-next.
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 850b7d1..cfc5cfe 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -239,7 +239,7 @@ int br_setlink(struct net_device *dev, struct nlmsghdr *nlh)
struct ifinfomsg *ifm;
struct nlattr *protinfo;
struct net_bridge_port *p;
- struct nlattr *tb[IFLA_BRPORT_MAX];
+ struct nlattr *tb[IFLA_BRPORT_MAX + 1];
int err;
ifm = nlmsg_data(nlh);
More information about the Bridge
mailing list