From: Varka Bhadram <varkabhadram@gmail.com>
To: Christoph Schulz <develop@kristov.de>, netdev@vger.kernel.org
Cc: linux-ppp@vger.kernel.org, paulus@samba.org, isdn@linux-pingi.de
Subject: Re: [PATCH net 1/1] net: ppp: fix creating PPP pass and active filters
Date: Sun, 13 Jul 2014 20:24:34 +0530 [thread overview]
Message-ID: <53C29DAA.8020405@gmail.com> (raw)
In-Reply-To: <53C28297.4080507@kristov.de>
On Sunday 13 July 2014 06:29 PM, Christoph Schulz wrote:
> From: Christoph Schulz <develop@kristov.de>
>
> Commit 568f194e8bd16c353ad50f9ab95d98b20578a39d ("net: ppp: use
> sk_unattached_filter api") inadvertently changed the logic when setting
> PPP pass and active filters. This applies to both the generic PPP subsystem
> implemented by drivers/net/ppp/ppp_generic.c and the ISDN PPP subsystem
> implemented by drivers/isdn/i4l/isdn_ppp.c. The original code in ppp_ioctl()
> (or isdn_ppp_ioctl(), resp.) handling PPPIOCSPASS and PPPIOCSACTIVE allowed to
> remove a pass/active filter previously set by using a filter of length zero.
> However, with the new code this is not possible anymore as this case is not
> explicitly checked for, which leads to passing NULL as a filter to
> sk_unattached_filter_create(). This results in returning EINVAL to the caller.
>
> Additionally, the variables ppp->pass_filter and ppp->active_filter (or
> is->pass_filter and is->active_filter, resp.) are not reset to NULL, although
> the filters they point to may have been destroyed by
> sk_unattached_filter_destroy(), so in this EINVAL case dangling pointers are
> left behind (provided the pointers were previously non-NULL).
>
> This patch corrects both problems by checking whether the filter passed is
> empty or non-empty, and prevents sk_unattached_filter_create() from being
> called in the first case. Moreover, the pointers are always reset to NULL
> as soon as sk_unattached_filter_destroy() returns.
>
> Signed-off-by: Christoph Schulz <develop@kristov.de>
> ---
> diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
> index 61ac632..cd2f4c3 100644
> --- a/drivers/isdn/i4l/isdn_ppp.c
> +++ b/drivers/isdn/i4l/isdn_ppp.c
> @@ -644,9 +644,15 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
> fprog.len = len;
> fprog.filter = code;
>
> - if (is->pass_filter)
> + if (is->pass_filter) {
> sk_unattached_filter_destroy(is->pass_filter);
> - err = sk_unattached_filter_create(&is->pass_filter, &fprog);
> + is->pass_filter = NULL;
> + }
> + if (fprog.filter != NULL)
> + err = sk_unattached_filter_create(&is->pass_filter,
> + &fprog);
> + else
> + err = 0;
> kfree(code);
>
> return err;
> @@ -663,9 +669,15 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
> fprog.len = len;
> fprog.filter = code;
>
> - if (is->active_filter)
> + if (is->active_filter) {
> sk_unattached_filter_destroy(is->active_filter);
> - err = sk_unattached_filter_create(&is->active_filter, &fprog);
> + is->active_filter = NULL;
> + }
> + if (fprog.filter != NULL)
> + err = sk_unattached_filter_create(&is->active_filter,
> + &fprog);
> + else
> + err = 0;
> kfree(code);
>
> return err;
> diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
> index 91d6c12..d0f6f93 100644
> --- a/drivers/net/ppp/ppp_generic.c
> +++ b/drivers/net/ppp/ppp_generic.c
> @@ -763,10 +763,15 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> };
>
> ppp_lock(ppp);
> - if (ppp->pass_filter)
> + if (ppp->pass_filter) {
> sk_unattached_filter_destroy(ppp->pass_filter);
> - err = sk_unattached_filter_create(&ppp->pass_filter,
> - &fprog);
> + ppp->pass_filter = NULL;
> + }
> + if (fprog.filter != NULL)
> + err = sk_unattached_filter_create(&ppp->pass_filter,
> + &fprog);
> + else
> + err = 0;
> kfree(code);
> ppp_unlock(ppp);
> }
> @@ -784,10 +789,15 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> };
>
> ppp_lock(ppp);
> - if (ppp->active_filter)
> + if (ppp->active_filter) {
> sk_unattached_filter_destroy(ppp->active_filter);
> - err = sk_unattached_filter_create(&ppp->active_filter,
> - &fprog);
> + ppp->active_filter = NULL;
> + }
> + if (fprog.filter != NULL)
> + err = sk_unattached_filter_create(&ppp->active_filter,
> + &fprog);
> + else
> + err = 0;
> kfree(code);
> ppp_unlock(ppp);
> }
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
checkpatch warnings on this patch
--
Regards,
Varka Bhadram
next prev parent reply other threads:[~2014-07-13 14:54 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-13 12:59 [PATCH net 1/1] net: ppp: fix creating PPP pass and active filters Christoph Schulz
2014-07-13 14:54 ` Varka Bhadram [this message]
2014-07-13 16:07 ` Christoph Schulz
2014-07-13 18:51 ` Daniel Borkmann
2014-07-15 4:54 ` Christoph Schulz
2014-07-15 5:18 ` Varka Bhadram
2014-07-15 6:35 ` Christoph Schulz
2014-07-15 6:59 ` Daniel Borkmann
2014-07-15 15:38 ` Alexei Starovoitov
2014-07-16 18:47 ` Christoph Schulz
2014-07-16 19:40 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53C29DAA.8020405@gmail.com \
--to=varkabhadram@gmail.com \
--cc=develop@kristov.de \
--cc=isdn@linux-pingi.de \
--cc=linux-ppp@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).