[ 45/71] rtnetlink: fix rtnl_calcit() and rtnl_dump_ifinfo()

From: Greg Kroah-Hartman
Date: Tue Jan 15 2013 - 18:04:50 EST

Next message: Greg Kroah-Hartman: "[ 44/71] rtnetlink: Fix problem with buffer allocation"
Previous message: Greg Kroah-Hartman: "[ 46/71] epoll: prevent missed events on EPOLL_CTL_MOD"
In reply to: Greg Kroah-Hartman: "[ 46/71] epoll: prevent missed events on EPOLL_CTL_MOD"
Next in thread: Greg Kroah-Hartman: "[ 44/71] rtnetlink: Fix problem with buffer allocation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.0-stable review patch. If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <eric.dumazet@xxxxxxxxx>

commit a4b64fbe482c7766f7925f03067fc637716bfa3f upstream.

nlmsg_parse() might return an error, so test its return value before
potential random memory accesses.

Errors introduced in commit 115c9b81928 (rtnetlink: Fix problem with
buffer allocation)

Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Acked-by: Greg Rose <gregory.v.rose@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Cc: Ben Hutchings <bhutchings@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/core/rtnetlink.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)

--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1044,11 +1044,12 @@ static int rtnl_dump_ifinfo(struct sk_bu

rcu_read_lock();

- nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
- ifla_policy);
+ if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
+ ifla_policy) >= 0) {

- if (tb[IFLA_EXT_MASK])
- ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+ }

for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0;
@@ -1874,10 +1875,11 @@ static u16 rtnl_calcit(struct sk_buff *s
u32 ext_filter_mask = 0;
u16 min_ifinfo_dump_size = 0;

- nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, ifla_policy);
-
- if (tb[IFLA_EXT_MASK])
- ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+ if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
+ ifla_policy) >= 0) {
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+ }

if (!ext_filter_mask)
return NLMSG_GOODSIZE;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "[ 44/71] rtnetlink: Fix problem with buffer allocation"
Previous message: Greg Kroah-Hartman: "[ 46/71] epoll: prevent missed events on EPOLL_CTL_MOD"
In reply to: Greg Kroah-Hartman: "[ 46/71] epoll: prevent missed events on EPOLL_CTL_MOD"
Next in thread: Greg Kroah-Hartman: "[ 44/71] rtnetlink: Fix problem with buffer allocation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]