* [PATCH net] net/sched: act_simple: fix parsing of TCA_DEFDATA
@ 2018-06-07 13:46 Davide Caratti
2018-06-08 2:07 ` Hangbin Liu
0 siblings, 1 reply; 3+ messages in thread
From: Davide Caratti @ 2018-06-07 13:46 UTC (permalink / raw)
To: Jamal Hadi Salim, Cong Wang, Jiri Pirko; +Cc: David S. Miller, netdev
use nla_strlcpy() to avoid copying data beyond the length of TCA_DEFDATA
netlink attribute, in case it is less than SIMP_MAX_DATA and it does not
end with '\0' character.
Fixes: 0eff683f737b ("net/sched: potential data corruption")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
---
net/sched/act_simple.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/net/sched/act_simple.c b/net/sched/act_simple.c
index 9618b4a83cee..98c4afe7c15b 100644
--- a/net/sched/act_simple.c
+++ b/net/sched/act_simple.c
@@ -53,22 +53,22 @@ static void tcf_simp_release(struct tc_action *a)
kfree(d->tcfd_defdata);
}
-static int alloc_defdata(struct tcf_defact *d, char *defdata)
+static int alloc_defdata(struct tcf_defact *d, const struct nlattr *defdata)
{
d->tcfd_defdata = kzalloc(SIMP_MAX_DATA, GFP_KERNEL);
if (unlikely(!d->tcfd_defdata))
return -ENOMEM;
- strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
+ nla_strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
return 0;
}
-static void reset_policy(struct tcf_defact *d, char *defdata,
+static void reset_policy(struct tcf_defact *d, const struct nlattr *defdata,
struct tc_defact *p)
{
spin_lock_bh(&d->tcf_lock);
d->tcf_action = p->action;
memset(d->tcfd_defdata, 0, SIMP_MAX_DATA);
- strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
+ nla_strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
spin_unlock_bh(&d->tcf_lock);
}
@@ -87,7 +87,6 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla,
struct tcf_defact *d;
bool exists = false;
int ret = 0, err;
- char *defdata;
if (nla == NULL)
return -EINVAL;
@@ -110,8 +109,6 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla,
return -EINVAL;
}
- defdata = nla_data(tb[TCA_DEF_DATA]);
-
if (!exists) {
ret = tcf_idr_create(tn, parm->index, est, a,
&act_simp_ops, bind, false);
@@ -119,7 +116,7 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla,
return ret;
d = to_defact(*a);
- ret = alloc_defdata(d, defdata);
+ ret = alloc_defdata(d, tb[TCA_DEF_DATA]);
if (ret < 0) {
tcf_idr_release(*a, bind);
return ret;
@@ -133,7 +130,7 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla,
if (!ovr)
return -EEXIST;
- reset_policy(d, defdata, parm);
+ reset_policy(d, tb[TCA_DEF_DATA], parm);
}
if (ret == ACT_P_CREATED)
--
2.17.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH net] net/sched: act_simple: fix parsing of TCA_DEFDATA
2018-06-07 13:46 [PATCH net] net/sched: act_simple: fix parsing of TCA_DEFDATA Davide Caratti
@ 2018-06-08 2:07 ` Hangbin Liu
2018-06-08 3:00 ` Davide Caratti
0 siblings, 1 reply; 3+ messages in thread
From: Hangbin Liu @ 2018-06-08 2:07 UTC (permalink / raw)
To: Davide Caratti; +Cc: netdev
On Thu, Jun 07, 2018 at 03:46:43PM +0200, Davide Caratti wrote:
> use nla_strlcpy() to avoid copying data beyond the length of TCA_DEFDATA
s/TCA_DEFDATA/TCA_DEF_DATA/, incase someone search the commit history but
could not find it.
Thanks
Hangbin
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH net] net/sched: act_simple: fix parsing of TCA_DEFDATA
2018-06-08 2:07 ` Hangbin Liu
@ 2018-06-08 3:00 ` Davide Caratti
0 siblings, 0 replies; 3+ messages in thread
From: Davide Caratti @ 2018-06-08 3:00 UTC (permalink / raw)
To: Hangbin Liu; +Cc: netdev, jhs, xiyou.wangcong, jiri, davem
On Fri, 2018-06-08 at 10:07 +0800, Hangbin Liu wrote:
> On Thu, Jun 07, 2018 at 03:46:43PM +0200, Davide Caratti wrote:
> > use nla_strlcpy() to avoid copying data beyond the length of TCA_DEFDATA
>
> s/TCA_DEFDATA/TCA_DEF_DATA/, incase someone search the commit history but
> could not find it.
>
> Thanks
> Hangbin
sure, thanks, and after another look I think also the 'Fixes:' tag is
wrong. More probably it was introduced with
fa1b1cff3d06 "net_cls_act: Make act_simple use of netlink policy."
I will send a v2 in minutes.
regards,
--
davide
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-06-08 3:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-07 13:46 [PATCH net] net/sched: act_simple: fix parsing of TCA_DEFDATA Davide Caratti
2018-06-08 2:07 ` Hangbin Liu
2018-06-08 3:00 ` Davide Caratti
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.