In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags)memcpy(nla_data(attr), &flags, sizeof(flags));// attrshould point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit,the `attr` is grantedto be IFLA_BRIDGE_FLAGS.However, this isnot necessarily true fow nowas the updatedloop will letthe attr point to the last NLA, even aninvalidNLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLApointerthat points to IFLA_BRIDGE_FLAGS and uses itto resolvethe mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentionedcommit, the `attr` isgranted to be IFLA_BRIDGE_FLAGS.However,this is not necessarily truefow now as theupdated loop will letthe attr point to the last NLA,even aninvalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to savethe NLA pointerthat points to IFLA_BRIDGE_FLAGS anduses it toresolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
In the Linux kernel, the following vulnerability has been resolved:rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing backIn the commit d73ef2d69c0d ( rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length ), an adjustment was made to the old loop logicin the function `rtnl_bridge_setlink` to enable the loop to also checkthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustmentremoved the `break` statement and led to an error logic of the flagswriting back at the end of this function.if (have_flags) memcpy(nla_data(attr), &flags, sizeof(flags)); // attr should point to IFLA_BRIDGE_FLAGS NLA !!!Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.However, this is not necessarily true fow now as the updated loop will letthe attr point to the last NLA, even an invalid NLA which could causeoverflow writes.This patch introduces a new variable `br_flag` to save the NLA pointerthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentionederror logic.
