[PATCH] PKT_SCHED: validate policer configuration TLVs

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] PKT_SCHED: validate policer configuration TLVs
@ 2004-12-07 17:23 Thomas Graf
  2004-12-08  5:32 ` David S. Miller
  0 siblings, 1 reply; 4+ messages in thread
From: Thomas Graf @ 2004-12-07 17:23 UTC (permalink / raw)
  To: David S. Miller; +Cc: netdev

Adds TLV size sanity checks for policer configuration. 

Signed-off-by: Thomas Graf <tgraf@suug.ch>

--- linux-2.6.10-rc2-bk13.orig/net/sched/police.c	2004-11-30 14:01:12.000000000 +0100
+++ linux-2.6.10-rc2-bk13/net/sched/police.c	2004-12-07 17:24:01.000000000 +0100
@@ -180,7 +180,8 @@
 	if (rtattr_parse(tb, TCA_POLICE_MAX, RTA_DATA(rta), RTA_PAYLOAD(rta)) < 0)
 		return -1;
 
-	if (tb[TCA_POLICE_TBF-1] == NULL)
+	if (tb[TCA_POLICE_TBF-1] == NULL ||
+	    RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]) != sizeof(*parm))
 		return -1;
 
 	parm = RTA_DATA(tb[TCA_POLICE_TBF-1]);
@@ -220,11 +221,17 @@
 			goto failure;
 		}
 	}
-	if (tb[TCA_POLICE_RESULT-1])
+	if (tb[TCA_POLICE_RESULT-1]) {
+		if (RTA_PAYLOAD(tb[TCA_POLICE_RESULT-1]) != sizeof(u32))
+			goto failure;
 		p->result = *(int*)RTA_DATA(tb[TCA_POLICE_RESULT-1]);
+	}
 #ifdef CONFIG_NET_ESTIMATOR
-	if (tb[TCA_POLICE_AVRATE-1])
+	if (tb[TCA_POLICE_AVRATE-1]) {
+		if (RTA_PAYLOAD(tb[TCA_POLICE_AVRATE-1]) != sizeof(u32))
+			goto failure;
 		p->ewma_rate = *(u32*)RTA_DATA(tb[TCA_POLICE_AVRATE-1]);
+	}
 #endif
 	p->toks = p->burst = parm->burst;
 	p->mtu = parm->mtu;
@@ -424,7 +431,8 @@
 	if (rtattr_parse(tb, TCA_POLICE_MAX, RTA_DATA(rta), RTA_PAYLOAD(rta)) < 0)
 		return NULL;
 
-	if (tb[TCA_POLICE_TBF-1] == NULL)
+	if (tb[TCA_POLICE_TBF-1] == NULL ||
+	    RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]) != sizeof(*parm))
 		return NULL;
 
 	parm = RTA_DATA(tb[TCA_POLICE_TBF-1]);
@@ -449,11 +457,17 @@
 		    (p->P_tab = qdisc_get_rtab(&parm->peakrate, tb[TCA_POLICE_PEAKRATE-1])) == NULL)
 			goto failure;
 	}
-	if (tb[TCA_POLICE_RESULT-1])
+	if (tb[TCA_POLICE_RESULT-1]) {
+		if (RTA_PAYLOAD(tb[TCA_POLICE_RESULT-1]) != sizeof(u32))
+			goto failure;
 		p->result = *(int*)RTA_DATA(tb[TCA_POLICE_RESULT-1]);
+	}
 #ifdef CONFIG_NET_ESTIMATOR
-	if (tb[TCA_POLICE_AVRATE-1])
+	if (tb[TCA_POLICE_AVRATE-1]) {
+		if (RTA_PAYLOAD(tb[TCA_POLICE_AVRATE-1]) != sizeof(u32))
+			goto failure;
 		p->ewma_rate = *(u32*)RTA_DATA(tb[TCA_POLICE_AVRATE-1]);
+	}
 #endif
 	p->toks = p->burst = parm->burst;
 	p->mtu = parm->mtu;

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] PKT_SCHED: validate policer configuration TLVs
  2004-12-07 17:23 [PATCH] PKT_SCHED: validate policer configuration TLVs Thomas Graf
@ 2004-12-08  5:32 ` David S. Miller
  2004-12-08 20:39   ` Thomas Graf
  0 siblings, 1 reply; 4+ messages in thread
From: David S. Miller @ 2004-12-08  5:32 UTC (permalink / raw)
  To: Thomas Graf; +Cc: netdev

On Tue, 7 Dec 2004 18:23:49 +0100
Thomas Graf <tgraf@suug.ch> wrote:

> Adds TLV size sanity checks for policer configuration. 

Hmmm...

> -	if (tb[TCA_POLICE_RESULT-1])
> +	if (tb[TCA_POLICE_RESULT-1]) {
> +		if (RTA_PAYLOAD(tb[TCA_POLICE_RESULT-1]) != sizeof(u32))
> +			goto failure;
>  		p->result = *(int*)RTA_DATA(tb[TCA_POLICE_RESULT-1]);
> +	}

Either these things are int's or u32's, they cannot be both :-)
I know that size wise it's identical, but at least make the code
look consistent.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH] PKT_SCHED: validate policer configuration TLVs
  2004-12-08  5:32 ` David S. Miller
@ 2004-12-08 20:39   ` Thomas Graf
  2004-12-28  2:34     ` David S. Miller
  0 siblings, 1 reply; 4+ messages in thread
From: Thomas Graf @ 2004-12-08 20:39 UTC (permalink / raw)
  To: David S. Miller; +Cc: netdev

> Either these things are int's or u32's, they cannot be both :-)
> I know that size wise it's identical, but at least make the code
> look consistent.

OK, I changed the dereferencing to use u32 as well and have it "casted"
while assigning the value since changing the structure datatypes
wouldn't make sense.

Signed-off-by: Thomas Graf <tgraf@suug.ch>

--- linux-2.6.10-rc2-bk13.orig/net/sched/police.c	2004-11-30 14:01:12.000000000 +0100
+++ linux-2.6.10-rc2-bk13/net/sched/police.c	2004-12-08 19:45:36.000000000 +0100
@@ -180,7 +180,8 @@
 	if (rtattr_parse(tb, TCA_POLICE_MAX, RTA_DATA(rta), RTA_PAYLOAD(rta)) < 0)
 		return -1;
 
-	if (tb[TCA_POLICE_TBF-1] == NULL)
+	if (tb[TCA_POLICE_TBF-1] == NULL ||
+	    RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]) != sizeof(*parm))
 		return -1;
 
 	parm = RTA_DATA(tb[TCA_POLICE_TBF-1]);
@@ -220,11 +221,17 @@
 			goto failure;
 		}
 	}
-	if (tb[TCA_POLICE_RESULT-1])
-		p->result = *(int*)RTA_DATA(tb[TCA_POLICE_RESULT-1]);
+	if (tb[TCA_POLICE_RESULT-1]) {
+		if (RTA_PAYLOAD(tb[TCA_POLICE_RESULT-1]) != sizeof(u32))
+			goto failure;
+		p->result = *(u32*)RTA_DATA(tb[TCA_POLICE_RESULT-1]);
+	}
 #ifdef CONFIG_NET_ESTIMATOR
-	if (tb[TCA_POLICE_AVRATE-1])
+	if (tb[TCA_POLICE_AVRATE-1]) {
+		if (RTA_PAYLOAD(tb[TCA_POLICE_AVRATE-1]) != sizeof(u32))
+			goto failure;
 		p->ewma_rate = *(u32*)RTA_DATA(tb[TCA_POLICE_AVRATE-1]);
+	}
 #endif
 	p->toks = p->burst = parm->burst;
 	p->mtu = parm->mtu;
@@ -424,7 +431,8 @@
 	if (rtattr_parse(tb, TCA_POLICE_MAX, RTA_DATA(rta), RTA_PAYLOAD(rta)) < 0)
 		return NULL;
 
-	if (tb[TCA_POLICE_TBF-1] == NULL)
+	if (tb[TCA_POLICE_TBF-1] == NULL ||
+	    RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]) != sizeof(*parm))
 		return NULL;
 
 	parm = RTA_DATA(tb[TCA_POLICE_TBF-1]);
@@ -449,11 +457,17 @@
 		    (p->P_tab = qdisc_get_rtab(&parm->peakrate, tb[TCA_POLICE_PEAKRATE-1])) == NULL)
 			goto failure;
 	}
-	if (tb[TCA_POLICE_RESULT-1])
-		p->result = *(int*)RTA_DATA(tb[TCA_POLICE_RESULT-1]);
+	if (tb[TCA_POLICE_RESULT-1]) {
+		if (RTA_PAYLOAD(tb[TCA_POLICE_RESULT-1]) != sizeof(u32))
+			goto failure;
+		p->result = *(u32*)RTA_DATA(tb[TCA_POLICE_RESULT-1]);
+	}
 #ifdef CONFIG_NET_ESTIMATOR
-	if (tb[TCA_POLICE_AVRATE-1])
+	if (tb[TCA_POLICE_AVRATE-1]) {
+		if (RTA_PAYLOAD(tb[TCA_POLICE_AVRATE-1]) != sizeof(u32))
+			goto failure;
 		p->ewma_rate = *(u32*)RTA_DATA(tb[TCA_POLICE_AVRATE-1]);
+	}
 #endif
 	p->toks = p->burst = parm->burst;
 	p->mtu = parm->mtu;

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] PKT_SCHED: validate policer configuration TLVs
  2004-12-08 20:39   ` Thomas Graf
@ 2004-12-28  2:34     ` David S. Miller
  0 siblings, 0 replies; 4+ messages in thread
From: David S. Miller @ 2004-12-28  2:34 UTC (permalink / raw)
  To: Thomas Graf; +Cc: netdev

On Wed, 8 Dec 2004 21:39:42 +0100
Thomas Graf <tgraf@suug.ch> wrote:

> > Either these things are int's or u32's, they cannot be both :-)
> > I know that size wise it's identical, but at least make the code
> > look consistent.
> 
> OK, I changed the dereferencing to use u32 as well and have it "casted"
> while assigning the value since changing the structure datatypes
> wouldn't make sense.
> 
> Signed-off-by: Thomas Graf <tgraf@suug.ch>

Applied, thanks Thomas.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2004-12-28  2:34 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-12-07 17:23 [PATCH] PKT_SCHED: validate policer configuration TLVs Thomas Graf
2004-12-08  5:32 ` David S. Miller
2004-12-08 20:39   ` Thomas Graf
2004-12-28  2:34     ` David S. Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).