From: Chen Gang <gang.chen@asianux.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Miller <davem@davemloft.net>, netdev <netdev@vger.kernel.org>
Subject: Re: [PATCH] net: ipmr: limit MRT_TABLE identifiers
Date: Mon, 26 Nov 2012 09:22:56 +0800 [thread overview]
Message-ID: <50B2C470.5090802@asianux.com> (raw)
In-Reply-To: <1353872669.30446.863.camel@edumazet-glaptop>
于 2012年11月26日 03:44, Eric Dumazet 写道:
> From: Eric Dumazet <edumazet@google.com>
>
> Name of pimreg devices are built from following format :
>
> char name[IFNAMSIZ]; // IFNAMSIZ == 16
>
> sprintf(name, "pimreg%u", mrt->id);
>
> We must therefore limit mrt->id to 9 decimal digits
> or risk a buffer overflow and a crash.
>
> Restrict table identifiers in [0 ... 999999999] interval.
>
if we have to stick to "pimreg%u" (or will hurt the functional features)
suggest to let user mode know this limitation.
define a macro in public header (user mode can know it) and give comments.
use macro instead of number.
remove the comments which is inside internal function.
thanks.
gchen.
> Reported-by: Chen Gang <gang.chen@asianux.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> ---
> net/ipv4/ipmr.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
> index 6168c4d..3eab2b2 100644
> --- a/net/ipv4/ipmr.c
> +++ b/net/ipv4/ipmr.c
> @@ -1318,6 +1318,10 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi
> if (get_user(v, (u32 __user *)optval))
> return -EFAULT;
>
> + /* "pimreg%u" should not exceed 16 bytes (IFNAMSIZ) */
> + if (v != RT_TABLE_DEFAULT && v >= 1000000000)
> + return -EINVAL;
> +
> rtnl_lock();
> ret = 0;
> if (sk == rtnl_dereference(mrt->mroute_sk)) {
>
>
>
>
--
Chen Gang
Asianux Corporation
next prev parent reply other threads:[~2012-11-26 1:22 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-21 9:20 [Suggestion] net/ipv4: sprintf, use "pimreg%.9u" instead of "pimreg%u" Chen Gang
2012-11-25 19:44 ` [PATCH] net: ipmr: limit MRT_TABLE identifiers Eric Dumazet
2012-11-26 1:22 ` Chen Gang [this message]
2012-11-26 1:34 ` Chen Gang
2012-11-26 2:19 ` Eric Dumazet
2012-11-26 2:30 ` Chen Gang
2012-11-26 2:55 ` Eric Dumazet
2012-11-26 3:13 ` Chen Gang
2012-11-26 22:37 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50B2C470.5090802@asianux.com \
--to=gang.chen@asianux.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.