commit 1840bb13c22f5b8fd2e242e36c8d6ea3f312be67 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

[RTNL]: Validate hardware and broadcast address attribute for RTM_NEWLINK

RTM_NEWLINK allows for already existing links to be modified. For this
purpose do_setlink() is called which expects address attributes with a
payload length of at least dev->addr_len. This patch adds the necessary
validation for the RTM_NEWLINK case.

The address length for links to be created is not checked for now as the
actual attribute length is used when copying the address to the netdevice
structure. It might make sense to report an error if less than addr_len
bytes are provided but enforcing this might break drivers trying to be
smart with not transmitting all zero addresses.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Thomas Graf and committed by David S. Miller 18 years ago 1840bb13 759afc31

+19 -6

1 changed file

expand all

unified split

net

core

rtnetlink.c

+19 -6

net/core/rtnetlink.c

··· 722 722 return net; 723 723 } 724 724 725 + static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[]) 726 + { 727 + if (dev) { 728 + if (tb[IFLA_ADDRESS] && 729 + nla_len(tb[IFLA_ADDRESS]) < dev->addr_len) 730 + return -EINVAL; 731 + 732 + if (tb[IFLA_BROADCAST] && 733 + nla_len(tb[IFLA_BROADCAST]) < dev->addr_len) 734 + return -EINVAL; 735 + } 736 + 737 + return 0; 738 + } 739 + 725 740 static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm, 726 741 struct nlattr **tb, char *ifname, int modified) 727 742 { ··· 909 894 goto errout; 910 895 } 911 896 912 - if (tb[IFLA_ADDRESS] && 913 - nla_len(tb[IFLA_ADDRESS]) < dev->addr_len) 914 - goto errout_dev; 915 - 916 - if (tb[IFLA_BROADCAST] && 917 - nla_len(tb[IFLA_BROADCAST]) < dev->addr_len) 897 + if ((err = validate_linkmsg(dev, tb)) < 0) 918 898 goto errout_dev; 919 899 920 900 err = do_setlink(dev, ifm, tb, ifname, 0); ··· 1029 1019 dev = __dev_get_by_name(net, ifname); 1030 1020 else 1031 1021 dev = NULL; 1022 + 1023 + if ((err = validate_linkmsg(dev, tb)) < 0) 1024 + return err; 1032 1025 1033 1026 if (tb[IFLA_LINKINFO]) { 1034 1027 err = nla_parse_nested(linkinfo, IFLA_INFO_MAX,