summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorstephen hemminger <stephen@networkplumber.org>2017-05-19 09:55:48 -0700
committerDavid S. Miller <davem@davemloft.net>2017-05-21 13:42:33 -0400
commit332b4fc88698dd0429924a61e09d1734940d80a0 (patch)
treee29c977e352c95359ad319e168e5853e9adc2455
parentdae37055f475a369f7433360e246afbdccd22ff6 (diff)
downloadlinux-332b4fc88698dd0429924a61e09d1734940d80a0.tar.gz
linux-332b4fc88698dd0429924a61e09d1734940d80a0.tar.bz2
linux-332b4fc88698dd0429924a61e09d1734940d80a0.zip
dcb: enforce minimum length on IEEE_APPS attribute
Found by reviewing the warning about unused policy table. The code implies that it meant to check for size, but since it unrolled the loop for attribute validation that is never used. Instead do explicit check for attribute. Compile tested only. Needs review by original author. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/dcb/dcbnl.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 93106120f987..733f523707ac 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -178,10 +178,6 @@ static const struct nla_policy dcbnl_ieee_policy[DCB_ATTR_IEEE_MAX + 1] = {
[DCB_ATTR_IEEE_QCN_STATS] = {.len = sizeof(struct ieee_qcn_stats)},
};
-static const struct nla_policy dcbnl_ieee_app[DCB_ATTR_IEEE_APP_MAX + 1] = {
- [DCB_ATTR_IEEE_APP] = {.len = sizeof(struct dcb_app)},
-};
-
/* DCB number of traffic classes nested attributes. */
static const struct nla_policy dcbnl_featcfg_nest[DCB_FEATCFG_ATTR_MAX + 1] = {
[DCB_FEATCFG_ATTR_ALL] = {.type = NLA_FLAG},
@@ -1463,8 +1459,15 @@ static int dcbnl_ieee_set(struct net_device *netdev, struct nlmsghdr *nlh,
nla_for_each_nested(attr, ieee[DCB_ATTR_IEEE_APP_TABLE], rem) {
struct dcb_app *app_data;
+
if (nla_type(attr) != DCB_ATTR_IEEE_APP)
continue;
+
+ if (nla_len(attr) < sizeof(struct dcb_app)) {
+ err = -ERANGE;
+ goto err;
+ }
+
app_data = nla_data(attr);
if (ops->ieee_setapp)
err = ops->ieee_setapp(netdev, app_data);