From: Greg Rose <gregory.v.rose@intel.com>
To: Ben Hutchings <bhutchings@solarflare.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <eric.dumazet@gmail.com>, <stable@vger.kernel.org>,
<e1000-devel@lists.sourceforge.net>, <netdev@vger.kernel.org>,
<linux-net-drivers@solarflare.com>
Subject: Re: [PATCH 3.0.y 3/3] rtnetlink: fix rtnl_calcit() and rtnl_dump_ifinfo()
Date: Fri, 4 Jan 2013 10:40:28 -0800 [thread overview]
Message-ID: <20130104104028.000019ea@unknown> (raw)
In-Reply-To: <1357259662.2685.63.camel@bwh-desktop.uk.solarflarecom.com>
On Fri, 4 Jan 2013 00:34:22 +0000
Ben Hutchings <bhutchings@solarflare.com> wrote:
> From: Eric Dumazet <eric.dumazet@gmail.com>
>
> commit a4b64fbe482c7766f7925f03067fc637716bfa3f upstream.
>
> nlmsg_parse() might return an error, so test its return value before
> potential random memory accesses.
>
> Errors introduced in commit 115c9b81928 (rtnetlink: Fix problem with
> buffer allocation)
>
> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
> Cc: Greg Rose <gregory.v.rose@intel.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Greg Rose <gregory.v.rose@intel.com>
> ---
> net/core/rtnetlink.c | 18 ++++++++++--------
> 1 files changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index e41ce2a..49f281e 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -1044,11 +1044,12 @@ static int rtnl_dump_ifinfo(struct sk_buff
> *skb, struct netlink_callback *cb)
> rcu_read_lock();
>
> - nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
> - ifla_policy);
> + if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb,
> IFLA_MAX,
> + ifla_policy) >= 0) {
>
> - if (tb[IFLA_EXT_MASK])
> - ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
> + if (tb[IFLA_EXT_MASK])
> + ext_filter_mask =
> nla_get_u32(tb[IFLA_EXT_MASK]);
> + }
>
> for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
> idx = 0;
> @@ -1874,10 +1875,11 @@ static u16 rtnl_calcit(struct sk_buff *skb,
> struct nlmsghdr *nlh) u32 ext_filter_mask = 0;
> u16 min_ifinfo_dump_size = 0;
>
> - nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
> ifla_policy); -
> - if (tb[IFLA_EXT_MASK])
> - ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
> + if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
> + ifla_policy) >= 0) {
> + if (tb[IFLA_EXT_MASK])
> + ext_filter_mask =
> nla_get_u32(tb[IFLA_EXT_MASK]);
> + }
>
> if (!ext_filter_mask)
> return NLMSG_GOODSIZE;
>
next prev parent reply other threads:[~2013-01-04 18:40 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-04 0:30 [PATCH 3.0.y 0/3] rtnetlink: Fix problem with buffer allocation Ben Hutchings
2013-01-04 0:32 ` [PATCH 3.0.y 1/3] rtnetlink: Compute and store minimum ifinfo dump size Ben Hutchings
2013-01-04 0:33 ` [PATCH 3.0.y 2/3] rtnetlink: Fix problem with buffer allocation Ben Hutchings
2013-01-04 18:39 ` Greg Rose
2013-01-04 0:34 ` [PATCH 3.0.y 3/3] rtnetlink: fix rtnl_calcit() and rtnl_dump_ifinfo() Ben Hutchings
2013-01-04 18:40 ` Greg Rose [this message]
2013-01-04 0:36 ` [PATCH 3.0.y 0/3] rtnetlink: Fix problem with buffer allocation David Miller
2013-01-14 21:04 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130104104028.000019ea@unknown \
--to=gregory.v.rose@intel.com \
--cc=bhutchings@solarflare.com \
--cc=davem@davemloft.net \
--cc=e1000-devel@lists.sourceforge.net \
--cc=eric.dumazet@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-net-drivers@solarflare.com \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.