openvswitch: Fix unsafe attribute parsing in output_userspace()

This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed. Fixes: ccb1352e76cf ("net: Add Open vSwitch kernel components.") Signed-off-by: Eelco Chaudron <echaudro@redhat.com> Acked-by: Ilya Maximets <i.maximets@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com> Link: https://patch.msgid.link/0bd65949df61591d9171c0dc13e42cea8941da10.1746541734.git.echaudro@redhat.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Eelco Chaudron <echaudro@redhat.com> 2025-05-06 16:28:54 +0200
committer: Jakub Kicinski <kuba@kernel.org> 2025-05-07 16:51:02 -0700
commit: 6beb6835c1fbb3f676aebb51a5fee6b77fed9308 (patch)
tree: eaddecca5f0f60b21dee45b96aa380914c2f2074
parent: 9540984da649d46f699c47f28c68bbd3c9d99e4c (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index 61fea7baae5d..2f22ca59586f 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -975,8 +975,7 @@ static int output_userspace(struct datapath *dp, struct sk_buff *skb,
 	upcall.cmd = OVS_PACKET_CMD_ACTION;
 	upcall.mru = OVS_CB(skb)->mru;
 
-	for (a = nla_data(attr), rem = nla_len(attr); rem > 0;
-	     a = nla_next(a, &rem)) {
+	nla_for_each_nested(a, attr, rem) {
 		switch (nla_type(a)) {
 		case OVS_USERSPACE_ATTR_USERDATA:
 			upcall.userdata = a;
author	Eelco Chaudron <echaudro@redhat.com>	2025-05-06 16:28:54 +0200
committer	Jakub Kicinski <kuba@kernel.org>	2025-05-07 16:51:02 -0700
commit	6beb6835c1fbb3f676aebb51a5fee6b77fed9308 (patch)
tree	eaddecca5f0f60b21dee45b96aa380914c2f2074
parent	9540984da649d46f699c47f28c68bbd3c9d99e4c (diff)