authorKrzysztof Mazur <krzysiek@podlesie.net>2012-11-28 03:08:04 -0500
committerDavid Woodhouse <David.Woodhouse@intel.com>2012-12-01 19:05:19 -0500
commit9eba25268e5862571d53122065616c456fe1142a (patch)
tree30c5053cd10de8dc4c75825d62f89e183e911247
parent007ef52be171b9eee6f4099d3e5706e8068d31ef (diff)
br2684: allow assign only on a connected socket
br2684 does not check whether the vcc being used is in the connected state, which can cause an Oops in pppoatm_send() when vcc->send() is called on a socket that is not fully connected. Now br2684 can be assigned only on connected sockets; otherwise -EINVAL is returned. Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
-rw-r--r--net/atm/br2684.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/net/atm/br2684.c b/net/atm/br2684.c
index 6dc383c90262..403e71fa88fe 100644
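--- a/net/atm/br2684.c
+++ b/net/atm/br2684.c
@@ -735,10 +735,13 @@ static int br2684_ioctl(struct socket *sock, unsigned int cmd,
  return -ENOIOCTLCMD;
  if (!capable(CAP_NET_ADMIN))
  return -EPERM;
- if (cmd == ATM_SETBACKEND)
+ if (cmd == ATM_SETBACKEND) {
+ if (sock->state != SS_CONNECTED)
+ return -EINVAL;
  return br2684_regvcc(atmvcc, argp);
- else
+ } else {
  return br2684_create(argp);
+ }
 #ifdef CONFIG_ATM_BR2684_IPFILTER
  case BR2684_SETFILT:
  if (atmvcc->push != br2684_push)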
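Review bot: The new `sock->state != SS_CONNECTED` test in the ATM_SETBACKEND branch is read with no socket lock visible in this hunk, so it only closes the hole if the state cannot change between the test and `br2684_regvcc(atmvcc, argp)`. Whether the caller of br2684_ioctl already serialises against connect and close is not shown here and is worth confirming. The check also has no comment, and its reason is not obvious from the code alone; a line such as `/* vcc->send() must not be reachable before the VCC is connected */` above it would keep a later cleanup from dropping it. br2684_ioctl starts before and continues past this hunk.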