From: Paul Gortmaker <paul.gortmaker@windriver.com>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Allan.Stephens@windriver.com,
Paul Gortmaker <paul.gortmaker@windriver.com>
Subject: [PATCH net-next 15/21] tipc: Abort excessive send requests as early as possible
Date: Tue, 10 May 2011 16:44:31 -0400 [thread overview]
Message-ID: <1305060277-15600-16-git-send-email-paul.gortmaker@windriver.com> (raw)
In-Reply-To: <1305060277-15600-1-git-send-email-paul.gortmaker@windriver.com>
From: Allan Stephens <Allan.Stephens@windriver.com>
Adds checks to TIPC's socket send routines to promptly detect and
abort attempts to send more than 66,000 bytes in a single TIPC
message or more than 2**31-1 bytes in a single TIPC byte stream request.
In addition, this ensures that the number of iovecs in a send request
does not exceed the limits of a standard integer variable.
Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---
include/linux/tipc.h | 2 +-
net/tipc/socket.c | 13 +++++++++++++
2 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/include/linux/tipc.h b/include/linux/tipc.h
index a5b994a..f2d9009 100644
--- a/include/linux/tipc.h
+++ b/include/linux/tipc.h
@@ -101,7 +101,7 @@ static inline unsigned int tipc_node(__u32 addr)
* Limiting values for messages
*/
-#define TIPC_MAX_USER_MSG_SIZE 66000
+#define TIPC_MAX_USER_MSG_SIZE 66000U
/*
* Message importance levels
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 29d94d5..e1c7917 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -535,6 +535,9 @@ static int send_msg(struct kiocb *iocb, struct socket *sock,
if (unlikely((m->msg_namelen < sizeof(*dest)) ||
(dest->family != AF_TIPC)))
return -EINVAL;
+ if ((total_len > TIPC_MAX_USER_MSG_SIZE) ||
+ (m->msg_iovlen > (unsigned)INT_MAX))
+ return -EMSGSIZE;
if (iocb)
lock_sock(sk);
@@ -640,6 +643,10 @@ static int send_packet(struct kiocb *iocb, struct socket *sock,
if (unlikely(dest))
return send_msg(iocb, sock, m, total_len);
+ if ((total_len > TIPC_MAX_USER_MSG_SIZE) ||
+ (m->msg_iovlen > (unsigned)INT_MAX))
+ return -EMSGSIZE;
+
if (iocb)
lock_sock(sk);
@@ -723,6 +730,12 @@ static int send_stream(struct kiocb *iocb, struct socket *sock,
goto exit;
}
+ if ((total_len > (unsigned)INT_MAX) ||
+ (m->msg_iovlen > (unsigned)INT_MAX)) {
+ res = -EMSGSIZE;
+ goto exit;
+ }
+
/*
* Send each iovec entry using one or more messages
*
--
1.7.4.4
next prev parent reply other threads:[~2011-05-10 20:45 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-10 20:44 [PATCH net-next 00/21] tipc updates for the next round Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 01/21] tipc: Drop __TIME__ usage Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 02/21] tipc: Update comments in message header include file Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 03/21] tipc: Eliminate unused routing message definitions Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 04/21] tipc: Cosmetic consolidation of internal message type definitions Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 05/21] tipc: Remove code to emulate loss of broadcast messages Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 06/21] tipc: Don't initialize link selector field in fragmented messages Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 07/21] tipc: Avoid pointless masking of fragmented message identifier Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 08/21] tipc: Fix issues with fragmentation of an existing message buffer Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 09/21] tipc: Set name lookup scope field properly in all data messages Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 10/21] tipc: Fix problem with bundled multicast message Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 11/21] tipc: Update destination node field on incoming multicast messages Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 12/21] tipc: Fix sk_buff leaks when link congestion is detected Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 13/21] tipc: make zone/cluster mask constants a define Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 14/21] tipc: Strengthen checks for neighboring node discovery Paul Gortmaker
2011-05-10 20:44 ` Paul Gortmaker [this message]
2011-05-10 20:44 ` [PATCH net-next 16/21] tipc: Avoid recomputation of outgoing message length Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 17/21] tipc: Introduce routine to enqueue a chain of messages on link tx queue Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 18/21] tipc: Enhance handling of discovery object creation failures Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 19/21] tipc: Enhance sending of discovery object link request messages Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 20/21] tipc: Add monitoring of number of nodes discovered by bearer Paul Gortmaker
2011-05-10 20:44 ` [PATCH net-next 21/21] tipc: Revise timings used when sending link request messages Paul Gortmaker
2011-05-11 18:01 ` [PATCH net-next 00/21] tipc updates for the next round David Miller
2011-05-11 18:02 ` Stephens, Allan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1305060277-15600-16-git-send-email-paul.gortmaker@windriver.com \
--to=paul.gortmaker@windriver.com \
--cc=Allan.Stephens@windriver.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).