Diffstat (limited to 'net/core')
-rw-r--r--net/core/dev.c2
-rw-r--r--net/core/neighbour.c7
-rw-r--r--net/core/rtnetlink.c27
3 files changed, 27 insertions, 9 deletions
diff --git a/net/core/dev.c b/net/core/dev.c
index 908f07c3bd7d..fcdf03cf3b3f 100644
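--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2900,7 +2900,7 @@ int __dev_addr_add(struct dev_addr_list **list, int *count,
  }
  }
 
- da = kmalloc(sizeof(*da), GFP_ATOMIC);
+ da = kzalloc(sizeof(*da), GFP_ATOMIC);
  if (da == NULL)
  return -ENOMEM;
  memcpy(da->da_addr, addr, alen);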
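Review bot: The switch to `kzalloc` carries no comment saying why zeroing matters here, and the reason is easy to lose: the `memcpy(da->da_addr, addr, alen)` that follows writes only `alen` bytes, so with `kmalloc` the remainder of `da_addr`, and any field the rest of the function does not assign, would hold stale heap contents. I would add `/* zeroed: only alen bytes of da_addr are written below */` above the allocation. The hunk also shows no bound on `alen` against the size of `da_addr`; that check may live in the callers or earlier in `__dev_addr_add`, which starts and ends outside the hunk, and is worth confirming.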
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index a16cf1ec5e5e..2328acbd16cd 100644
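--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -358,11 +358,12 @@ struct neighbour *neigh_lookup(struct neigh_table *tbl, const void *pkey,
 {
  struct neighbour *n;
  int key_len = tbl->key_len;
- u32 hash_val = tbl->hash(pkey, dev);
+ u32 hash_val;
 
  NEIGH_CACHE_STAT_INC(tbl, lookups);
 
  read_lock_bh(&tbl->lock);
+ hash_val = tbl->hash(pkey, dev);
  for (n = tbl->hash_buckets[hash_val & tbl->hash_mask]; n; n = n->next) {
  if (dev == n->dev && !memcmp(n->primary_key, pkey, key_len)) {
  neigh_hold(n);
@@ -379,11 +380,12 @@ struct neighbour *neigh_lookup_nodev(struct neigh_table *tbl, struct net *net,
 {
  struct neighbour *n;
  int key_len = tbl->key_len;
- u32 hash_val = tbl->hash(pkey, NULL);
+ u32 hash_val;
 
  NEIGH_CACHE_STAT_INC(tbl, lookups);
 
  read_lock_bh(&tbl->lock);
+ hash_val = tbl->hash(pkey, NULL);
  for (n = tbl->hash_buckets[hash_val & tbl->hash_mask]; n; n = n->next) {
  if (!memcmp(n->primary_key, pkey, key_len) &&
  (net == n->dev->nd_net)) {
@@ -507,6 +509,7 @@ struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl,
  if (tbl->pconstructor && tbl->pconstructor(n)) {
  if (dev)
  dev_put(dev);
+ release_net(net);
  kfree(n);
  n = NULL;
  goto out;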
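Review bot: The reason `tbl->hash(pkey, dev)` now has to run after `read_lock_bh(&tbl->lock)` in `neigh_lookup` is not recorded in the code, so a later cleanup could hoist it back into the declaration. Presumably the values the hash depends on (or `hash_mask`) can change while the table is rebuilt under the write lock, which would send an unlocked lookup to the wrong bucket; a one-line comment such as `/* hash under tbl->lock: table parameters may change on resize */` would pin that down, and the same applies to `neigh_lookup_nodev`. In `pneigh_lookup` the failure branch now undoes three things by hand (`dev_put`, `release_net`, `kfree`); the matching acquisitions are outside the hunk, so confirm that `release_net(net)` pairs with a reference taken for this entry before the constructor call.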
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 61ac8d06292c..2bd9c5f7627d 100644
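--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -689,10 +689,12 @@ const struct nla_policy ifla_policy[IFLA_MAX+1] = {
  [IFLA_BROADCAST] = { .type = NLA_BINARY, .len = MAX_ADDR_LEN },
  [IFLA_MAP] = { .len = sizeof(struct rtnl_link_ifmap) },
  [IFLA_MTU] = { .type = NLA_U32 },
+ [IFLA_LINK] = { .type = NLA_U32 },
  [IFLA_TXQLEN] = { .type = NLA_U32 },
  [IFLA_WEIGHT] = { .type = NLA_U32 },
  [IFLA_OPERSTATE] = { .type = NLA_U8 },
  [IFLA_LINKMODE] = { .type = NLA_U8 },
+ [IFLA_LINKINFO] = { .type = NLA_NESTED },
  [IFLA_NET_NS_PID] = { .type = NLA_U32 },
 };
 
@@ -720,6 +722,21 @@ static struct net *get_net_ns_by_pid(pid_t pid)
  return net;
 }
 
+static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[])
+{
+ if (dev) {
+ if (tb[IFLA_ADDRESS] &&
+ nla_len(tb[IFLA_ADDRESS]) < dev->addr_len)
+ return -EINVAL;
+
+ if (tb[IFLA_BROADCAST] &&
+ nla_len(tb[IFLA_BROADCAST]) < dev->addr_len)
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
 static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
  struct nlattr **tb, char *ifname, int modified)
 {
@@ -892,12 +909,7 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
  goto errout;
  }
 
- if (tb[IFLA_ADDRESS] &&
- nla_len(tb[IFLA_ADDRESS]) < dev->addr_len)
- goto errout_dev;
-
- if (tb[IFLA_BROADCAST] &&
- nla_len(tb[IFLA_BROADCAST]) < dev->addr_len)
+ if ((err = validate_linkmsg(dev, tb)) < 0)
  goto errout_dev;
 
  err = do_setlink(dev, ifm, tb, ifname, 0);
@@ -1018,6 +1030,9 @@ replay:
  else
  dev = NULL;
 
+ if ((err = validate_linkmsg(dev, tb)) < 0)
+ return err;
+
  if (tb[IFLA_LINKINFO]) {
  err = nla_parse_nested(linkinfo, IFLA_INFO_MAX,
  tb[IFLA_LINKINFO], ifla_info_policy);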
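Review bot: `validate_linkmsg()` returns 0 without checking anything when `dev` is NULL, and the new call in the `replay:` hunk reaches it right after the `dev = NULL` branch, so on that path the `IFLA_ADDRESS` and `IFLA_BROADCAST` lengths are limited only by `ifla_policy`. If that is intended because the device's `addr_len` is not known yet, say so on the function, e.g. `/* dev == NULL: no device yet, lengths are bounded by ifla_policy only */`, and make sure whatever later copies these attributes into the new device checks them against its `addr_len`; that code is outside the visible hunks. The check also accepts attributes longer than `dev->addr_len`, which is only safe if consumers copy `addr_len` bytes and not `nla_len()` bytes. As a style point, `err = validate_linkmsg(dev, tb);` followed by `if (err < 0)` reads better than the assignment inside the condition at both call sites.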