From patchwork Tue Jan 16 22:01:54 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
X-Patchwork-Id: 861914
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3zLkj73Vrnz9ryr
	for <patchwork-incoming@ozlabs.org>;
	Wed, 17 Jan 2018 09:02:19 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751349AbeAPWCR (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Tue, 16 Jan 2018 17:02:17 -0500
Received: from mail-wm0-f68.google.com ([74.125.82.68]:45865 "EHLO
	mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751182AbeAPWCQ (ORCPT
	<rfc822;netdev@vger.kernel.org>); Tue, 16 Jan 2018 17:02:16 -0500
Received: by mail-wm0-f68.google.com with SMTP id i186so11270897wmi.4
	for <netdev@vger.kernel.org>; Tue, 16 Jan 2018 14:02:15 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=Rv7mWo+VWdOKZNyV8Dtkuw1cN3g3wIzuAjBCsf4qdLs=;
	b=BJ5oO1hBMRTxj8doH/aHfi6TnpGLzNmNM6b7SbhVoVDoLBNWJkbG+221TCsY772ZO9
	gqlBWYzRtlAal6W21j7JQSReMHNaHPMduV5fyPsSCx1CPbQOPkT+RuX9BsVEM/kBEW/P
	gX1WTlnK2KEM8uwycOAIATOL8n4YByOMuQBLE4otGO+5EVy2O1SIffneWfrmqJjPZWOk
	JnjTT/l46n1F1fCBfEjQ/f3hGCcfNLb091GgRpW5OktnqZoJHclcuszOVDjHL7Ivq2iI
	LyQRKoKxxQMRfgGi44Uln0bpCTxIe+UcCu/tSW6hxCmrWzjzmwQKhn9yQBQ6zOnXmOK9
	PzQg==
X-Gm-Message-State: AKwxytc3vewz+fxagoJkXuAHOyIedhLg6dAzt5Xs4iFSfUP00JVS/wRy
	F/mzLSKnvD/gdE5buDxQoA41MQ==
X-Google-Smtp-Source: 
 ACJfBos2ah7Gnuai1h25rg4Dcyji9050xXjDSN7+b83+ReNBF8uqWGjmVqu5ExzIHRho8NHyPMBweQ==
X-Received: by 10.28.129.212 with SMTP id c203mr396362wmd.98.1516140135105;
	Tue, 16 Jan 2018 14:02:15 -0800 (PST)
Received: from localhost.localdomain.com ([151.66.74.3])
	by smtp.gmail.com with ESMTPSA id
	n6sm4905474wrn.76.2018.01.16.14.02.13
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Tue, 16 Jan 2018 14:02:14 -0800 (PST)
From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, jchapman@katalix.com, g.nault@alphalink.fr
Subject: [PATCH v3 net-next 1/4] l2tp: double-check l2specific_type provided
	by userspace
Date: Tue, 16 Jan 2018 23:01:54 +0100
Message-Id: 
 <30a73bf49939a69c8d501a9e131763db16215608.1516138644.git.lorenzo.bianconi@redhat.com>
X-Mailer: git-send-email 2.13.6
In-Reply-To: <cover.1516138644.git.lorenzo.bianconi@redhat.com>
References: <cover.1516138644.git.lorenzo.bianconi@redhat.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Add sanity check on l2specific_type provided by userspace in
l2tp_nl_cmd_session_create() since just L2TP_L2SPECTYPE_DEFAULT and
L2TP_L2SPECTYPE_NONE are currently supported.
Moreover explicitly set l2specific_type to L2TP_L2SPECTYPE_DEFAULT
only if the userspace does not provide a value for it

Reviewed-by: Guillaume Nault <g.nault@alphalink.fr>
Tested-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
---
 net/l2tp/l2tp_netlink.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c
index e1ca29f79821..9ba2b8a68f65 100644
--- a/net/l2tp/l2tp_netlink.c
+++ b/net/l2tp/l2tp_netlink.c
@@ -550,9 +550,16 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
 		if (info->attrs[L2TP_ATTR_DATA_SEQ])
 			cfg.data_seq = nla_get_u8(info->attrs[L2TP_ATTR_DATA_SEQ]);
 
-		cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT;
-		if (info->attrs[L2TP_ATTR_L2SPEC_TYPE])
+		if (info->attrs[L2TP_ATTR_L2SPEC_TYPE]) {
 			cfg.l2specific_type = nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_TYPE]);
+			if (cfg.l2specific_type != L2TP_L2SPECTYPE_DEFAULT &&
+			    cfg.l2specific_type != L2TP_L2SPECTYPE_NONE) {
+				ret = -EINVAL;
+				goto out_tunnel;
+			}
+		} else {
+			cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT;
+		}
 
 		cfg.l2specific_len = 4;
 		if (info->attrs[L2TP_ATTR_L2SPEC_LEN])