[patch] ip6mr: limit IPv6 MRT

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [patch] ip6mr: limit IPv6 MRT_TABLE identifiers
@ 2013-01-24  6:38 Dan Carpenter
  2013-01-24  8:22 ` walter harms
  2013-01-28  0:31 ` David Miller
  0 siblings, 2 replies; 4+ messages in thread
From: Dan Carpenter @ 2013-01-24  6:38 UTC (permalink / raw)
  To: David S. Miller
  Cc: Alexey Kuznetsov, James Morris, Hideaki YOSHIFUJI,
	Patrick McHardy, netdev, kernel-janitors

We did this for IPv4 in b49d3c1e1c "net: ipmr: limit MRT_TABLE
identifiers" but we need to do it for IPv6 as well.  On IPv6 the name
is "pim6reg" instead of "pimreg" so there is one less digit allowed.

The strcpy() is in ip6mr_reg_vif().

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index acc3249..351ce98 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -1766,6 +1766,9 @@ int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, uns
 			return -EINVAL;
 		if (get_user(v, (u32 __user *)optval))
 			return -EFAULT;
+		/* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
+		if (v != RT_TABLE_DEFAULT && v >= 100000000)
+			return -EINVAL;
 		if (sk == mrt->mroute6_sk)
 			return -EBUSY;
 

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [patch] ip6mr: limit IPv6 MRT_TABLE identifiers
  2013-01-24  6:38 [patch] ip6mr: limit IPv6 MRT_TABLE identifiers Dan Carpenter
@ 2013-01-24  8:22 ` walter harms
  2013-01-24  9:01   ` Dan Carpenter
  2013-01-28  0:31 ` David Miller
  1 sibling, 1 reply; 4+ messages in thread
From: walter harms @ 2013-01-24  8:22 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: David S. Miller, Alexey Kuznetsov, James Morris,
	Hideaki YOSHIFUJI, Patrick McHardy, netdev, kernel-janitors



Am 24.01.2013 07:38, schrieb Dan Carpenter:
> We did this for IPv4 in b49d3c1e1c "net: ipmr: limit MRT_TABLE
> identifiers" but we need to do it for IPv6 as well.  On IPv6 the name
> is "pim6reg" instead of "pimreg" so there is one less digit allowed.
> 
> The strcpy() is in ip6mr_reg_vif().
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
> index acc3249..351ce98 100644
> --- a/net/ipv6/ip6mr.c
> +++ b/net/ipv6/ip6mr.c
> @@ -1766,6 +1766,9 @@ int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, uns
>  			return -EINVAL;
>  		if (get_user(v, (u32 __user *)optval))
>  			return -EFAULT;
> +		/* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
> +		if (v != RT_TABLE_DEFAULT && v >= 100000000)
> +			return -EINVAL;
>  		if (sk == mrt->mroute6_sk)
>  			return -EBUSY;
>  
hi Dan,
that comment left me in a bit confused, i guess you men
  printf( "pim6reg%u",v) should not exceed IFNAMSIZ (16 bytes) ?
also the if is a bit strange, i assume that RT_TABLE_DEFAULT is const
so anything else is rejected than v==RT_TABLE_DEFAULT
(assuming that RT_TABLE_DEFAULT >= 100000000 ....)

re,
 wh


> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [patch] ip6mr: limit IPv6 MRT_TABLE identifiers
  2013-01-24  8:22 ` walter harms
@ 2013-01-24  9:01   ` Dan Carpenter
  0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2013-01-24  9:01 UTC (permalink / raw)
  To: walter harms
  Cc: David S. Miller, Alexey Kuznetsov, James Morris,
	Hideaki YOSHIFUJI, Patrick McHardy, netdev, kernel-janitors

On Thu, Jan 24, 2013 at 09:22:56AM +0100, walter harms wrote:
> 
> 
> Am 24.01.2013 07:38, schrieb Dan Carpenter:
> > We did this for IPv4 in b49d3c1e1c "net: ipmr: limit MRT_TABLE
> > identifiers" but we need to do it for IPv6 as well.  On IPv6 the name
> > is "pim6reg" instead of "pimreg" so there is one less digit allowed.
> > 
> > The strcpy() is in ip6mr_reg_vif().
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > 
> > diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
> > index acc3249..351ce98 100644
> > --- a/net/ipv6/ip6mr.c
> > +++ b/net/ipv6/ip6mr.c
> > @@ -1766,6 +1766,9 @@ int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, uns
> >  			return -EINVAL;
> >  		if (get_user(v, (u32 __user *)optval))
> >  			return -EFAULT;
> > +		/* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
> > +		if (v != RT_TABLE_DEFAULT && v >= 100000000)
> > +			return -EINVAL;
> >  		if (sk == mrt->mroute6_sk)
> >  			return -EBUSY;
> >  
> hi Dan,
> that comment left me in a bit confused, i guess you men
>   printf( "pim6reg%u",v) should not exceed IFNAMSIZ (16 bytes) ?

Yes.

> also the if is a bit strange, i assume that RT_TABLE_DEFAULT is const
> so anything else is rejected than v==RT_TABLE_DEFAULT
> (assuming that RT_TABLE_DEFAULT >= 100000000 ....)

I don't understand what you are saying.

The patch is basically copy and pasted from b49d3c1e1c "net: ipmr:
limit MRT_TABLE identifiers".  RT6_TABLE_DFLT is allowed to be a
high number because in ip6mr_reg_vif() we do:

        if (mrt->id == RT6_TABLE_DFLT)
                sprintf(name, "pim6reg");
        else
                sprintf(name, "pim6reg%u", mrt->id);

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [patch] ip6mr: limit IPv6 MRT_TABLE identifiers
  2013-01-24  6:38 [patch] ip6mr: limit IPv6 MRT_TABLE identifiers Dan Carpenter
  2013-01-24  8:22 ` walter harms
@ 2013-01-28  0:31 ` David Miller
  1 sibling, 0 replies; 4+ messages in thread
From: David Miller @ 2013-01-28  0:31 UTC (permalink / raw)
  To: dan.carpenter; +Cc: kuznet, jmorris, yoshfuji, kaber, netdev, kernel-janitors

From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 24 Jan 2013 09:38:34 +0300

> We did this for IPv4 in b49d3c1e1c "net: ipmr: limit MRT_TABLE
> identifiers" but we need to do it for IPv6 as well.  On IPv6 the name
> is "pim6reg" instead of "pimreg" so there is one less digit allowed.
> 
> The strcpy() is in ip6mr_reg_vif().
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Applied, thanks Dan.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2013-01-28  0:31 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-01-24  6:38 [patch] ip6mr: limit IPv6 MRT_TABLE identifiers Dan Carpenter
2013-01-24  8:22 ` walter harms
2013-01-24  9:01   ` Dan Carpenter
2013-01-28  0:31 ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).