diff options
| author | Christoph Schulz <develop@kristov.de> | 2014-07-16 16:10:29 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-07-17 02:42:06 -0400 |
| commit | cc25eaae238ddd693aa5eaa73e565d8ff4915f6e (patch) | |
| tree | 629a02ffbc4e6568d6989b9076b42cf360c5c2c3 /drivers/net/ppp/ppp_generic.c | |
| parent | 858e6c321065344339906672bccd0eafe9622258 (diff) | |
net: ppp: fix creating PPP pass and active filters
Commit 568f194e8bd16c353ad50f9ab95d98b20578a39d ("net: ppp: use
sk_unattached_filter api") inadvertently changed the logic when setting
PPP pass and active filters. This applies to both the generic PPP subsystem
implemented by drivers/net/ppp/ppp_generic.c and the ISDN PPP subsystem
implemented by drivers/isdn/i4l/isdn_ppp.c. The original code in ppp_ioctl()
(or isdn_ppp_ioctl(), resp.) handling PPPIOCSPASS and PPPIOCSACTIVE allowed to
remove a pass/active filter previously set by using a filter of length zero.
However, with the new code this is not possible anymore as this case is not
explicitly checked for, which leads to passing NULL as a filter to
sk_unattached_filter_create(). This results in returning EINVAL to the caller.
Additionally, the variables ppp->pass_filter and ppp->active_filter (or
is->pass_filter and is->active_filter, resp.) are not reset to NULL, although
the filters they point to may have been destroyed by
sk_unattached_filter_destroy(), so in this EINVAL case dangling pointers are
left behind (provided the pointers were previously non-NULL).
This patch corrects both problems by checking whether the filter passed is
empty or non-empty, and prevents sk_unattached_filter_create() from being
called in the first case. Moreover, the pointers are always reset to NULL
as soon as sk_unattached_filter_destroy() returns.
Signed-off-by: Christoph Schulz <develop@kristov.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/ppp/ppp_generic.c')
| -rw-r--r-- | drivers/net/ppp/ppp_generic.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index e2f20f807de8..d5b77ef3a210 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c | |||
| @@ -757,10 +757,15 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | |||
| 757 | }; | 757 | }; |
| 758 | 758 | ||
| 759 | ppp_lock(ppp); | 759 | ppp_lock(ppp); |
| 760 | if (ppp->pass_filter) | 760 | if (ppp->pass_filter) { |
| 761 | sk_unattached_filter_destroy(ppp->pass_filter); | 761 | sk_unattached_filter_destroy(ppp->pass_filter); |
| 762 | err = sk_unattached_filter_create(&ppp->pass_filter, | 762 | ppp->pass_filter = NULL; |
| 763 | &fprog); | 763 | } |
| 764 | if (fprog.filter != NULL) | ||
| 765 | err = sk_unattached_filter_create(&ppp->pass_filter, | ||
| 766 | &fprog); | ||
| 767 | else | ||
| 768 | err = 0; | ||
| 764 | kfree(code); | 769 | kfree(code); |
| 765 | ppp_unlock(ppp); | 770 | ppp_unlock(ppp); |
| 766 | } | 771 | } |
| @@ -778,10 +783,15 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | |||
| 778 | }; | 783 | }; |
| 779 | 784 | ||
| 780 | ppp_lock(ppp); | 785 | ppp_lock(ppp); |
| 781 | if (ppp->active_filter) | 786 | if (ppp->active_filter) { |
| 782 | sk_unattached_filter_destroy(ppp->active_filter); | 787 | sk_unattached_filter_destroy(ppp->active_filter); |
| 783 | err = sk_unattached_filter_create(&ppp->active_filter, | 788 | ppp->active_filter = NULL; |
| 784 | &fprog); | 789 | } |
| 790 | if (fprog.filter != NULL) | ||
| 791 | err = sk_unattached_filter_create(&ppp->active_filter, | ||
| 792 | &fprog); | ||
| 793 | else | ||
| 794 | err = 0; | ||
| 785 | kfree(code); | 795 | kfree(code); |
| 786 | ppp_unlock(ppp); | 796 | ppp_unlock(ppp); |
| 787 | } | 797 | } |