aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
authorFlorian Westphal <fw@strlen.de>2026-06-19 00:34:49 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2026-06-21 00:18:37 +0200
commit27dd2997746d54ebc079bb13161cc1bdd401d4a6 (patch)
tree0362e0980f804d336dcc79e46e51c783c5556535 /net
parentb8b09dc2bf35a00d4e0556b5d6308c7b917ebda2 (diff)
downloadath-27dd2997746d54ebc079bb13161cc1bdd401d4a6.tar.gz
netfilter: nft_meta_bridge: fix NFT_META_BRI_IIFPVID stack leak
This needs to test for nonzero retval. Fixes: c54c7c685494 ("netfilter: nft_meta_bridge: add NFT_META_BRI_IIFPVID support") Closes: https://sashiko.dev/#/patchset/20260618061631.21919-1-fw%40strlen.de Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/bridge/netfilter/nft_meta_bridge.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/bridge/netfilter/nft_meta_bridge.c b/net/bridge/netfilter/nft_meta_bridge.c
index 3d95f68e0906a..e4c9aa1f64e25 100644
--- a/net/bridge/netfilter/nft_meta_bridge.c
+++ b/net/bridge/netfilter/nft_meta_bridge.c
@@ -44,7 +44,9 @@ static void nft_meta_bridge_get_eval(const struct nft_expr *expr,
if (!br_dev || !br_vlan_enabled(br_dev))
goto err;
- br_vlan_get_pvid_rcu(in, &p_pvid);
+ if (br_vlan_get_pvid_rcu(in, &p_pvid))
+ goto err;
+
nft_reg_store16(dest, p_pvid);
return;
}