diff options
| author | Oliver Hartkopp <oliver.hartkopp@volkswagen.de> | 2008-07-06 02:38:43 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-07-06 02:38:43 -0400 |
| commit | 7f2d38eb7a42bea1c1df51bbdaa2ca0f0bdda07f (patch) | |
| tree | 930ee4b119242ea70d020521f217b42090e42b6e /net/can/af_can.c | |
| parent | c5a78ac00c400df29645e59938700301efb371d0 (diff) | |
can: add sanity checks
Even though the CAN netlayer only deals with CAN netdevices, the
netlayer interface to the userspace and to the device layer should
perform some sanity checks.
This patch adds several sanity checks that mainly prevent userspace apps
to send broken content into the system that may be misinterpreted by
some other userspace application.
Signed-off-by: Oliver Hartkopp <oliver.hartkopp@volkswagen.de>
Signed-off-by: Urs Thuermann <urs.thuermann@volkswagen.de>
Acked-by: Andre Naujoks <nautsch@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/can/af_can.c')
| -rw-r--r-- | net/can/af_can.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/net/can/af_can.c b/net/can/af_can.c index 7e8ca2836452..484bbf6dd032 100644 --- a/net/can/af_can.c +++ b/net/can/af_can.c | |||
| @@ -205,12 +205,19 @@ static int can_create(struct net *net, struct socket *sock, int protocol) | |||
| 205 | * -ENOBUFS on full driver queue (see net_xmit_errno()) | 205 | * -ENOBUFS on full driver queue (see net_xmit_errno()) |
| 206 | * -ENOMEM when local loopback failed at calling skb_clone() | 206 | * -ENOMEM when local loopback failed at calling skb_clone() |
| 207 | * -EPERM when trying to send on a non-CAN interface | 207 | * -EPERM when trying to send on a non-CAN interface |
| 208 | * -EINVAL when the skb->data does not contain a valid CAN frame | ||
| 208 | */ | 209 | */ |
| 209 | int can_send(struct sk_buff *skb, int loop) | 210 | int can_send(struct sk_buff *skb, int loop) |
| 210 | { | 211 | { |
| 211 | struct sk_buff *newskb = NULL; | 212 | struct sk_buff *newskb = NULL; |
| 213 | struct can_frame *cf = (struct can_frame *)skb->data; | ||
| 212 | int err; | 214 | int err; |
| 213 | 215 | ||
| 216 | if (skb->len != sizeof(struct can_frame) || cf->can_dlc > 8) { | ||
| 217 | kfree_skb(skb); | ||
| 218 | return -EINVAL; | ||
| 219 | } | ||
| 220 | |||
| 214 | if (skb->dev->type != ARPHRD_CAN) { | 221 | if (skb->dev->type != ARPHRD_CAN) { |
| 215 | kfree_skb(skb); | 222 | kfree_skb(skb); |
| 216 | return -EPERM; | 223 | return -EPERM; |
| @@ -605,6 +612,7 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev, | |||
| 605 | struct packet_type *pt, struct net_device *orig_dev) | 612 | struct packet_type *pt, struct net_device *orig_dev) |
| 606 | { | 613 | { |
| 607 | struct dev_rcv_lists *d; | 614 | struct dev_rcv_lists *d; |
| 615 | struct can_frame *cf = (struct can_frame *)skb->data; | ||
| 608 | int matches; | 616 | int matches; |
| 609 | 617 | ||
| 610 | if (dev->type != ARPHRD_CAN || dev_net(dev) != &init_net) { | 618 | if (dev->type != ARPHRD_CAN || dev_net(dev) != &init_net) { |
| @@ -612,6 +620,8 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev, | |||
| 612 | return 0; | 620 | return 0; |
| 613 | } | 621 | } |
| 614 | 622 | ||
| 623 | BUG_ON(skb->len != sizeof(struct can_frame) || cf->can_dlc > 8); | ||
| 624 | |||
| 615 | /* update statistics */ | 625 | /* update statistics */ |
| 616 | can_stats.rx_frames++; | 626 | can_stats.rx_frames++; |
| 617 | can_stats.rx_frames_delta++; | 627 | can_stats.rx_frames_delta++; |