summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@sunset.davemloft.net>2005-12-27 13:57:59 -0800
committerDavid S. Miller <davem@sunset.davemloft.net>2005-12-27 13:57:59 -0800
commit1b93ae64cabe5e28dd5a1f35f96f938ca4f6ae20 (patch)
treea8c5c7d08e6c658853245ad0b0cf47f0af1ff83d /net
parent6732badee0dad467fcc9dd0168af8677b2b1bc2f (diff)
downloadlinux-1b93ae64cabe5e28dd5a1f35f96f938ca4f6ae20.tar.gz
linux-1b93ae64cabe5e28dd5a1f35f96f938ca4f6ae20.tar.bz2
linux-1b93ae64cabe5e28dd5a1f35f96f938ca4f6ae20.zip
[NET]: Validate socket filters against BPF_MAXINSNS in one spot.
Currently the checks are scattered all over and this leads to inconsistencies and even cases where the check is not made. Based upon a patch from Kris Katterjohn. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/core/filter.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/core/filter.c b/net/core/filter.c
index 2841bfce29d6..3a10e0bc90e8 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -293,7 +293,7 @@ int sk_chk_filter(struct sock_filter *filter, int flen)
struct sock_filter *ftest;
int pc;
- if (((unsigned int)flen >= (~0U / sizeof(struct sock_filter))) || flen == 0)
+ if (flen == 0 || flen > BPF_MAXINSNS)
return -EINVAL;
/* check the filter code now */
@@ -360,7 +360,7 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk)
int err;
/* Make sure new filter is there and in the right amounts. */
- if (fprog->filter == NULL || fprog->len > BPF_MAXINSNS)
+ if (fprog->filter == NULL)
return -EINVAL;
fp = sock_kmalloc(sk, fsize+sizeof(*fp), GFP_KERNEL);