From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Davide Caratti <dcaratti@redhat.com>,
Simon Horman <simon.horman@netronome.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.9 17/39] net/sched: act_simple: fix parsing of TCA_DEF_DATA
Date: Sun, 24 Jun 2018 23:24:04 +0800 [thread overview]
Message-ID: <20180624152353.937670246@linuxfoundation.org> (raw)
In-Reply-To: <20180624152352.038950449@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Davide Caratti <dcaratti@redhat.com>
[ Upstream commit 8d499533e0bc02d44283dbdab03142b599b8ba16 ]
use nla_strlcpy() to avoid copying data beyond the length of TCA_DEF_DATA
netlink attribute, in case it is less than SIMP_MAX_DATA and it does not
end with '\0' character.
v2: fix errors in the commit message, thanks Hangbin Liu
Fixes: fa1b1cff3d06 ("net_cls_act: Make act_simple use of netlink policy.")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/act_simple.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
--- a/net/sched/act_simple.c
+++ b/net/sched/act_simple.c
@@ -55,22 +55,22 @@ static void tcf_simp_release(struct tc_a
kfree(d->tcfd_defdata);
}
-static int alloc_defdata(struct tcf_defact *d, char *defdata)
+static int alloc_defdata(struct tcf_defact *d, const struct nlattr *defdata)
{
d->tcfd_defdata = kzalloc(SIMP_MAX_DATA, GFP_KERNEL);
if (unlikely(!d->tcfd_defdata))
return -ENOMEM;
- strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
+ nla_strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
return 0;
}
-static void reset_policy(struct tcf_defact *d, char *defdata,
+static void reset_policy(struct tcf_defact *d, const struct nlattr *defdata,
struct tc_defact *p)
{
spin_lock_bh(&d->tcf_lock);
d->tcf_action = p->action;
memset(d->tcfd_defdata, 0, SIMP_MAX_DATA);
- strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
+ nla_strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
spin_unlock_bh(&d->tcf_lock);
}
@@ -89,7 +89,6 @@ static int tcf_simp_init(struct net *net
struct tcf_defact *d;
bool exists = false;
int ret = 0, err;
- char *defdata;
if (nla == NULL)
return -EINVAL;
@@ -112,8 +111,6 @@ static int tcf_simp_init(struct net *net
return -EINVAL;
}
- defdata = nla_data(tb[TCA_DEF_DATA]);
-
if (!exists) {
ret = tcf_hash_create(tn, parm->index, est, a,
&act_simp_ops, bind, false);
@@ -121,7 +118,7 @@ static int tcf_simp_init(struct net *net
return ret;
d = to_defact(*a);
- ret = alloc_defdata(d, defdata);
+ ret = alloc_defdata(d, tb[TCA_DEF_DATA]);
if (ret < 0) {
tcf_hash_cleanup(*a, est);
return ret;
@@ -135,7 +132,7 @@ static int tcf_simp_init(struct net *net
if (!ovr)
return -EEXIST;
- reset_policy(d, defdata, parm);
+ reset_policy(d, tb[TCA_DEF_DATA], parm);
}
if (ret == ACT_P_CREATED)
next prev parent reply other threads:[~2018-06-24 15:54 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-24 15:23 [PATCH 4.9 00/39] 4.9.110-stable review Greg Kroah-Hartman
2018-06-24 15:23 ` [PATCH 4.9 01/39] objtool: update .gitignore file Greg Kroah-Hartman
2018-06-24 15:23 ` [PATCH 4.9 03/39] netfilter: ebtables: handle string from userspace with care Greg Kroah-Hartman
2018-06-24 15:23 ` [PATCH 4.9 04/39] ipvs: fix buffer overflow with sync daemon and service Greg Kroah-Hartman
2018-06-24 15:23 ` [PATCH 4.9 05/39] iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs Greg Kroah-Hartman
2018-06-24 15:23 ` [PATCH 4.9 06/39] atm: zatm: fix memcmp casting Greg Kroah-Hartman
2018-06-24 15:23 ` [PATCH 4.9 09/39] net/sonic: Use dma_mapping_error() Greg Kroah-Hartman
2018-06-24 15:23 ` [PATCH 4.9 11/39] Revert "Btrfs: fix scrub to repair raid6 corruption" Greg Kroah-Hartman
2018-06-24 15:23 ` [PATCH 4.9 12/39] tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 13/39] Btrfs: make raid6 rebuild retry more Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 15/39] bonding: re-evaluate force_primary when the primary slave name changes Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 16/39] ipv6: allow PMTU exceptions to local routes Greg Kroah-Hartman
2018-06-24 15:24 ` Greg Kroah-Hartman [this message]
2018-06-24 15:24 ` [PATCH 4.9 18/39] tcp: verify the checksum of the first data segment in a new connection Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 20/39] ext4: fix hole length detection in ext4_ind_map_blocks() Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 21/39] ext4: update mtime in ext4_punch_hole even if no blocks are released Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 22/39] ext4: fix fencepost error in check for inode count overflow during resize Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 23/39] driver core: Dont ignore class_dir_create_and_add() failure Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 24/39] Btrfs: fix clone vs chattr NODATASUM race Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 25/39] Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2() Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 26/39] btrfs: scrub: Dont use inode pages for device replace Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 27/39] ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 28/39] ALSA: hda: add dock and led support for HP EliteBook 830 G5 Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 29/39] ALSA: hda: add dock and led support for HP ProBook 640 G4 Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 30/39] smb3: on reconnect set PreviousSessionId field Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 31/39] cpufreq: Fix new policy initialization during limits updates via sysfs Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 32/39] libata: zpodd: make arrays cdb static, reduces object code size Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 33/39] libata: zpodd: small read overflow in eject_tray() Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 34/39] libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 35/39] w1: mxc_w1: Enable clock before calling clk_get_rate() on it Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 36/39] orangefs: set i_size on new symlink Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 37/39] HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 38/39] vhost: fix info leak due to uninitialized memory Greg Kroah-Hartman
2018-06-24 15:24 ` [PATCH 4.9 39/39] fs/binfmt_misc.c: do not allow offset overflow Greg Kroah-Hartman
2018-06-24 17:44 ` [PATCH 4.9 00/39] 4.9.110-stable review Nathan Chancellor
2018-06-25 0:55 ` Greg Kroah-Hartman
2018-06-25 5:06 ` Naresh Kamboju
2018-06-25 6:43 ` Greg Kroah-Hartman
2018-06-25 17:18 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180624152353.937670246@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=dcaratti@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=simon.horman@netronome.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).