On Tue, May 20, 2025 at 02:21:51PM -0700, Kees Cook wrote:
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index 6b7731739bbf..4953e202d0c0 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> [...]
> @@ -3098,10 +3088,9 @@ static int do_setlink(const struct sk_buff *skb,
> struct net_device *dev,
> down_write(&dev_addr_sem);
> netdev_lock_ops(dev);
>
> - memcpy(sa->sa_data, nla_data(tb[IFLA_ADDRESS]),
> - dev->addr_len);
> - err = netif_set_mac_address(dev, (struct sockaddr_storage *)sa,
> extack);
> - kfree(sa);
> + ss->sa_family = dev->type;
> + memcpy(ss->__data, nla_data(tb[IFLA_ADDRESS]), dev->addr_len);
> + err = netif_set_mac_address(dev, &ss, extack);
> if (err) {
> up_write(&dev_addr_sem);
> goto errout;
Ugh, sorry, this has a dependency on a separate patch. Please ignore
this; I will send them as a set.
--
Kees Cook
