From: ebiederm@xmission.com (Eric W. Biederman)
To: "David S. Miller" <davem@davemloft.net>
Cc: openib-general@openib.org, netdev@vger.kernel.org
Subject: Re: [PATCH] af_packet: Allow for > 8 byte hardware addresses.
Date: Mon, 12 Sep 2005 16:13:23 -0600 [thread overview]
Message-ID: <m1ek7ulyt8.fsf@ebiederm.dsl.xmission.com> (raw)
In-Reply-To: <20050912.141351.50320521.davem@davemloft.net> (David S. Miller's message of "Mon, 12 Sep 2005 14:13:51 -0700 (PDT)")
"David S. Miller" <davem@davemloft.net> writes:
> From: ebiederm@xmission.com (Eric W. Biederman)
> Date: Sat, 10 Sep 2005 11:25:27 -0600
>
>> @@ -1315,11 +1340,16 @@ packet_setsockopt(struct socket *sock, i
>> case PACKET_ADD_MEMBERSHIP:
>> case PACKET_DROP_MEMBERSHIP:
>> {
>> - struct packet_mreq mreq;
>> - if (optlen<sizeof(mreq))
>> + struct packet_mreq_max mreq;
>> + int len = optlen;
>> + if (len < sizeof(struct packet_mreq))
>> return -EINVAL;
>> - if (copy_from_user(&mreq,optval,sizeof(mreq)))
>> + if (len > sizeof(mreq))
>> + len = sizeof(mreq);
>> + if (copy_from_user(&mreq,optval,len))
>> return -EFAULT;
>
> I would suggest memset()'ing out any packet_mreq_max structure,
> before copying a smaller amount of data into it, just to be
> safe. Please check this out in all such possible uses in
> the patch.
>
> Thanks.
Ok. For that specific case you have quoted the only instance.
In a practical sense it doesn't matter because halen determines
how many of the bytes we actually look at. But if something
is buggy I can see the memset causing the bug to act in a
more deterministic fashion.
Updated patch will follow in a bit.
Eric
next prev parent reply other threads:[~2005-09-12 22:13 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-11 18:48 [PATCH] sockaddr_ll change for IPoIB interface Hal Rosenstock
2005-08-11 19:49 ` David S. Miller
2005-09-10 17:25 ` [PATCH] af_packet: Allow for > 8 byte hardware addresses Eric W. Biederman
2005-09-12 21:13 ` David S. Miller
2005-09-12 22:13 ` Eric W. Biederman [this message]
2005-09-12 22:45 ` David S. Miller
2005-09-20 17:17 ` Eric W. Biederman
2005-09-21 7:11 ` David S. Miller
2005-09-20 17:18 ` [PATCH] [NET] socket.c: zero socket addresses before use Eric W. Biederman
2005-09-21 7:13 ` David S. Miller
2005-09-21 13:48 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1ek7ulyt8.fsf@ebiederm.dsl.xmission.com \
--to=ebiederm@xmission.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=openib-general@openib.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).