diff options
author | Christoph Schulz <develop@kristov.de> | 2014-07-16 16:10:29 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-07-17 02:42:06 -0400 |
commit | cc25eaae238ddd693aa5eaa73e565d8ff4915f6e (patch) | |
tree | 629a02ffbc4e6568d6989b9076b42cf360c5c2c3 /drivers/isdn/i4l | |
parent | 858e6c321065344339906672bccd0eafe9622258 (diff) |
net: ppp: fix creating PPP pass and active filters
Commit 568f194e8bd16c353ad50f9ab95d98b20578a39d ("net: ppp: use
sk_unattached_filter api") inadvertently changed the logic when setting
PPP pass and active filters. This applies to both the generic PPP subsystem
implemented by drivers/net/ppp/ppp_generic.c and the ISDN PPP subsystem
implemented by drivers/isdn/i4l/isdn_ppp.c. The original code in ppp_ioctl()
(or isdn_ppp_ioctl(), resp.) handling PPPIOCSPASS and PPPIOCSACTIVE allowed to
remove a pass/active filter previously set by using a filter of length zero.
However, with the new code this is not possible anymore as this case is not
explicitly checked for, which leads to passing NULL as a filter to
sk_unattached_filter_create(). This results in returning EINVAL to the caller.
Additionally, the variables ppp->pass_filter and ppp->active_filter (or
is->pass_filter and is->active_filter, resp.) are not reset to NULL, although
the filters they point to may have been destroyed by
sk_unattached_filter_destroy(), so in this EINVAL case dangling pointers are
left behind (provided the pointers were previously non-NULL).
This patch corrects both problems by checking whether the filter passed is
empty or non-empty, and prevents sk_unattached_filter_create() from being
called in the first case. Moreover, the pointers are always reset to NULL
as soon as sk_unattached_filter_destroy() returns.
Signed-off-by: Christoph Schulz <develop@kristov.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/isdn/i4l')
-rw-r--r-- | drivers/isdn/i4l/isdn_ppp.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c index a333b7f798d1..62f0688d45a5 100644 --- a/drivers/isdn/i4l/isdn_ppp.c +++ b/drivers/isdn/i4l/isdn_ppp.c | |||
@@ -638,9 +638,15 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) | |||
638 | fprog.len = len; | 638 | fprog.len = len; |
639 | fprog.filter = code; | 639 | fprog.filter = code; |
640 | 640 | ||
641 | if (is->pass_filter) | 641 | if (is->pass_filter) { |
642 | sk_unattached_filter_destroy(is->pass_filter); | 642 | sk_unattached_filter_destroy(is->pass_filter); |
643 | err = sk_unattached_filter_create(&is->pass_filter, &fprog); | 643 | is->pass_filter = NULL; |
644 | } | ||
645 | if (fprog.filter != NULL) | ||
646 | err = sk_unattached_filter_create(&is->pass_filter, | ||
647 | &fprog); | ||
648 | else | ||
649 | err = 0; | ||
644 | kfree(code); | 650 | kfree(code); |
645 | 651 | ||
646 | return err; | 652 | return err; |
@@ -657,9 +663,15 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) | |||
657 | fprog.len = len; | 663 | fprog.len = len; |
658 | fprog.filter = code; | 664 | fprog.filter = code; |
659 | 665 | ||
660 | if (is->active_filter) | 666 | if (is->active_filter) { |
661 | sk_unattached_filter_destroy(is->active_filter); | 667 | sk_unattached_filter_destroy(is->active_filter); |
662 | err = sk_unattached_filter_create(&is->active_filter, &fprog); | 668 | is->active_filter = NULL; |
669 | } | ||
670 | if (fprog.filter != NULL) | ||
671 | err = sk_unattached_filter_create(&is->active_filter, | ||
672 | &fprog); | ||
673 | else | ||
674 | err = 0; | ||
663 | kfree(code); | 675 | kfree(code); |
664 | 676 | ||
665 | return err; | 677 | return err; |