Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a4995684 authored by Stephen Hemminger's avatar Stephen Hemminger Committed by Pablo Neira Ayuso
Browse files

netfilter: bridge: stp fix reference to uninitialized data 



The destination mac (destmac) is only valid if EBT_DESTMAC flag
is set. Fix by changing the order of the comparison to look for
the flag first.

Reported-by: default avatar <syzbot+5c06e318fc558cc27823@syzkaller.appspotmail.com>
Signed-off-by: default avatarStephen Hemminger <stephen@networkplumber.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 2f99aa31

net/bridge/netfilter/ebt_stp.c

+2 −2
Original line number Diff line number Diff line
@@ -161,8 +161,8 @@ static int ebt_stp_mt_check(const struct xt_mtchk_param *par) 
	/* Make sure the match only receives stp frames */

	if (!par->nft_compat &&

	    (!ether_addr_equal(e->destmac, eth_stp_addr) ||

	     !is_broadcast_ether_addr(e->destmsk) ||

	     !(e->bitmask & EBT_DESTMAC)))

	     !(e->bitmask & EBT_DESTMAC) ||

	     !is_broadcast_ether_addr(e->destmsk)))

		return -EINVAL;



	return 0;