Message ID | 1480339435-15551-1-git-send-email-fgao@ikuai8.com |
---|---|
State | Rejected, archived |
Delegated to: | David Miller |
Headers | show |
On Mon, Nov 28, 2016 at 5:23 AM, <fgao@ikuai8.com> wrote: > From: Gao Feng <fgao@ikuai8.com> > > The ipvlan mode variable "nval" is from userspace, so the ipvlan codes > should check if the mode variable "nval" is valid. > > Signed-off-by: Gao Feng <fgao@ikuai8.com> > --- > drivers/net/ipvlan/ipvlan_main.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c > index ab90b22..537b5a9 100644 > --- a/drivers/net/ipvlan/ipvlan_main.c > +++ b/drivers/net/ipvlan/ipvlan_main.c > @@ -65,6 +65,9 @@ static int ipvlan_set_port_mode(struct ipvl_port *port, u16 nval) > struct net_device *mdev = port->dev; > int err = 0; > > + if (nval >= IPVLAN_MODE_MAX) > + return -EINVAL; > + I'm curious to know how you encountered this issue? The values are validated in ipvlan_nl_validate() and it should fail at that time itself. > ASSERT_RTNL(); > if (port->mode != nval) { > if (nval == IPVLAN_MODE_L3S) { > -- > 1.9.1 > >
From: Mahesh Bandewar (महेश बंडेवार) <maheshb@google.com> Date: Mon, 28 Nov 2016 11:02:45 -0800 > On Mon, Nov 28, 2016 at 5:23 AM, <fgao@ikuai8.com> wrote: > >> From: Gao Feng <fgao@ikuai8.com> >> >> The ipvlan mode variable "nval" is from userspace, so the ipvlan codes >> should check if the mode variable "nval" is valid. >> >> Signed-off-by: Gao Feng <fgao@ikuai8.com> >> --- >> drivers/net/ipvlan/ipvlan_main.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_ >> main.c >> index ab90b22..537b5a9 100644 >> --- a/drivers/net/ipvlan/ipvlan_main.c >> +++ b/drivers/net/ipvlan/ipvlan_main.c >> @@ -65,6 +65,9 @@ static int ipvlan_set_port_mode(struct ipvl_port *port, >> u16 nval) >> struct net_device *mdev = port->dev; >> int err = 0; >> >> + if (nval >= IPVLAN_MODE_MAX) >> + return -EINVAL; >> + >> > I'm curious to know how you encountered this issue? The values are > validated in ipvlan_nl_validate() and it should fail at that time itself. I'm not applying this without at least a better explanation.
Hi David & Mahesh, On Tue, Nov 29, 2016 at 4:08 AM, David Miller <davem@davemloft.net> wrote: > From: Mahesh Bandewar (महेश बंडेवार) <maheshb@google.com> > Date: Mon, 28 Nov 2016 11:02:45 -0800 > >> On Mon, Nov 28, 2016 at 5:23 AM, <fgao@ikuai8.com> wrote: >> >>> From: Gao Feng <fgao@ikuai8.com> >>> >>> The ipvlan mode variable "nval" is from userspace, so the ipvlan codes >>> should check if the mode variable "nval" is valid. >>> >>> Signed-off-by: Gao Feng <fgao@ikuai8.com> >>> --- >>> drivers/net/ipvlan/ipvlan_main.c | 3 +++ >>> 1 file changed, 3 insertions(+) >>> >>> diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_ >>> main.c >>> index ab90b22..537b5a9 100644 >>> --- a/drivers/net/ipvlan/ipvlan_main.c >>> +++ b/drivers/net/ipvlan/ipvlan_main.c >>> @@ -65,6 +65,9 @@ static int ipvlan_set_port_mode(struct ipvl_port *port, >>> u16 nval) >>> struct net_device *mdev = port->dev; >>> int err = 0; >>> >>> + if (nval >= IPVLAN_MODE_MAX) >>> + return -EINVAL; >>> + >>> >> I'm curious to know how you encountered this issue? The values are >> validated in ipvlan_nl_validate() and it should fail at that time itself. > > I'm not applying this without at least a better explanation. Sorry, I didn't find the function "ipvlan_nl_validate" during reading the ipvlan codes. Regards Feng
diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c index ab90b22..537b5a9 100644 --- a/drivers/net/ipvlan/ipvlan_main.c +++ b/drivers/net/ipvlan/ipvlan_main.c @@ -65,6 +65,9 @@ static int ipvlan_set_port_mode(struct ipvl_port *port, u16 nval) struct net_device *mdev = port->dev; int err = 0; + if (nval >= IPVLAN_MODE_MAX) + return -EINVAL; + ASSERT_RTNL(); if (port->mode != nval) { if (nval == IPVLAN_MODE_L3S) {