Message ID | 20121207111045.GA9676@elgon.mountain |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
Am 07.12.2012 12:10, schrieb Dan Carpenter: > We pass IFLA_BRPORT_MAX to nla_parse_nested() so we need > IFLA_BRPORT_MAX + 1 elements. Also Smatch complains that we read past > the end of the array when in br_set_port_flag() when it's called with > IFLA_BRPORT_FAST_LEAVE. > I have no clue why nla_parse_nested() need IFLA_BRPORT_MAX elements. but the majory of loop look like for(i=0;i<max;++) most programmers will think this way. So it seems the place to fix is nla_parse_nested(). doing not so is asking for trouble (in the long run). At least this function needs a big warning label that (max-1) is actually needed. just my two cents, wh > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- > v2: Style tweak. > > Only needed in linux-next. > > diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c > index 850b7d1..cfc5cfe 100644 > --- a/net/bridge/br_netlink.c > +++ b/net/bridge/br_netlink.c > @@ -239,7 +239,7 @@ int br_setlink(struct net_device *dev, struct nlmsghdr *nlh) > struct ifinfomsg *ifm; > struct nlattr *protinfo; > struct net_bridge_port *p; > - struct nlattr *tb[IFLA_BRPORT_MAX]; > + struct nlattr *tb[IFLA_BRPORT_MAX + 1]; > int err; > > ifm = nlmsg_data(nlh); > > -- > To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
----- Original Message ----- > We pass IFLA_BRPORT_MAX to nla_parse_nested() so we need > IFLA_BRPORT_MAX + 1 elements. Also Smatch complains that we read > past > the end of the array when in br_set_port_flag() when it's called with > IFLA_BRPORT_FAST_LEAVE. > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- > v2: Style tweak. > > Only needed in linux-next. > > diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c > index 850b7d1..cfc5cfe 100644 > --- a/net/bridge/br_netlink.c > +++ b/net/bridge/br_netlink.c > @@ -239,7 +239,7 @@ int br_setlink(struct net_device *dev, struct > nlmsghdr *nlh) > struct ifinfomsg *ifm; > struct nlattr *protinfo; > struct net_bridge_port *p; > - struct nlattr *tb[IFLA_BRPORT_MAX]; > + struct nlattr *tb[IFLA_BRPORT_MAX + 1]; > int err; > > ifm = nlmsg_data(nlh); > > Acked-by: Stephen Hemminger <shemminger@vyatta.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Dec 07, 2012 at 05:07:24PM +0100, walter harms wrote: > > > Am 07.12.2012 12:10, schrieb Dan Carpenter: > > We pass IFLA_BRPORT_MAX to nla_parse_nested() so we need > > IFLA_BRPORT_MAX + 1 elements. Also Smatch complains that we read past > > the end of the array when in br_set_port_flag() when it's called with > > IFLA_BRPORT_FAST_LEAVE. > > > > > > I have no clue why nla_parse_nested() need IFLA_BRPORT_MAX elements. > but the majory of loop look like > for(i=0;i<max;++) > most programmers will think this way. > So it seems the place to fix is nla_parse_nested(). > doing not so is asking for trouble (in the long run). > At least this function needs a big warning label that (max-1) > is actually needed. > Yeah, nla_parse_nested() is actually documented already. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Am 07.12.2012 19:53, schrieb Dan Carpenter: > On Fri, Dec 07, 2012 at 05:07:24PM +0100, walter harms wrote: >> >> >> Am 07.12.2012 12:10, schrieb Dan Carpenter: >>> We pass IFLA_BRPORT_MAX to nla_parse_nested() so we need >>> IFLA_BRPORT_MAX + 1 elements. Also Smatch complains that we read past >>> the end of the array when in br_set_port_flag() when it's called with >>> IFLA_BRPORT_FAST_LEAVE. >>> >> >> >> >> I have no clue why nla_parse_nested() need IFLA_BRPORT_MAX elements. >> but the majory of loop look like >> for(i=0;i<max;++) >> most programmers will think this way. >> So it seems the place to fix is nla_parse_nested(). >> doing not so is asking for trouble (in the long run). >> At least this function needs a big warning label that (max-1) >> is actually needed. >> > > Yeah, nla_parse_nested() is actually documented already. > documenting unexspected behavier is not as much helpfull as changing it. just my 2 cents, wh -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Dan Carpenter <dan.carpenter@oracle.com> Date: Fri, 7 Dec 2012 14:10:46 +0300 > We pass IFLA_BRPORT_MAX to nla_parse_nested() so we need > IFLA_BRPORT_MAX + 1 elements. Also Smatch complains that we read past > the end of the array when in br_set_port_flag() when it's called with > IFLA_BRPORT_FAST_LEAVE. > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index 850b7d1..cfc5cfe 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -239,7 +239,7 @@ int br_setlink(struct net_device *dev, struct nlmsghdr *nlh) struct ifinfomsg *ifm; struct nlattr *protinfo; struct net_bridge_port *p; - struct nlattr *tb[IFLA_BRPORT_MAX]; + struct nlattr *tb[IFLA_BRPORT_MAX + 1]; int err; ifm = nlmsg_data(nlh);
We pass IFLA_BRPORT_MAX to nla_parse_nested() so we need IFLA_BRPORT_MAX + 1 elements. Also Smatch complains that we read past the end of the array when in br_set_port_flag() when it's called with IFLA_BRPORT_FAST_LEAVE. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- v2: Style tweak. Only needed in linux-next. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html