[RTNL]: Validate hardware and broadcast address attribute for RTM_NEWLINK

RTM_NEWLINK allows for already existing links to be modified. For this
purpose do_setlink() is called which expects address attributes with a
payload length of at least dev->addr_len. This patch adds the necessary
validation for the RTM_NEWLINK case.

The address length for links to be created is not checked for now as the
actual attribute length is used when copying the address to the netdevice
structure. It might make sense to report an error if less than addr_len
bytes are provided but enforcing this might break drivers trying to be
smart with not transmitting all zero addresses.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Thomas Graf and committed by David S. Miller 1840bb13 759afc31

+19 -6
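--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -722,6 +722,21 @@
 return net;
 }
 
+static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[])
+{
+if (dev) {
+if (tb[IFLA_ADDRESS] &&
+nla_len(tb[IFLA_ADDRESS]) < dev->addr_len)
+return -EINVAL;
+
+if (tb[IFLA_BROADCAST] &&
+nla_len(tb[IFLA_BROADCAST]) < dev->addr_len)
+return -EINVAL;
+}
+
+return 0;
+}
+
 static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
 struct nlattr **tb, char *ifname, int modified)
 {
@@ -894,12 +909,7 @@
 goto errout;
 }
 
-if (tb[IFLA_ADDRESS] &&
-nla_len(tb[IFLA_ADDRESS]) < dev->addr_len)
-goto errout_dev;
-
-if (tb[IFLA_BROADCAST] &&
-nla_len(tb[IFLA_BROADCAST]) < dev->addr_len)
+if ((err = validate_linkmsg(dev, tb)) < 0)
 goto errout_dev;
 
 err = do_setlink(dev, ifm, tb, ifname, 0);
@@ -1019,6 +1029,9 @@
 dev = __dev_get_by_name(net, ifname);
 else
 dev = NULL;
+
+if ((err = validate_linkmsg(dev, tb)) < 0)
+return err;
 
 if (tb[IFLA_LINKINFO]) {
 err = nla_parse_nested(linkinfo, IFLA_INFO_MAX,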
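Review bot: validate_linkmsg() returns 0 without inspecting any attribute when `dev` is NULL, which is the link-creation case reached from the last hunk, so the IFLA_ADDRESS and IFLA_BROADCAST lengths go unchecked there. The commit message says the actual attribute length is used for the copy on creation, so an upper bound on that length has to be enforced somewhere else, presumably the attribute policy, which is not visible in this diff and should be confirmed. The function would benefit from a comment recording that, for example `/* dev == NULL: new link, lengths are not compared with addr_len; upper bound must come from the attribute policy */`. The check for existing devices is a lower bound only (`<`), which is sufficient only if do_setlink() copies exactly `dev->addr_len` bytes; its body lies outside these hunks.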