authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-01-20 17:54:26 +0100
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-01-20 17:54:26 +0100
commit13f42a71e49164769a98fc51033c65a211861404 (patch)
tree966741c7765a2cf866f3a67ca4a432178eadfabe /kernel/ip_set_bitmap_port.c
parentc8396bdc040f4b16e6f6e3f8b81b9fb67a499d9c (diff)
Enforce network-order data in the netlink protocol
Allow only network-order data, with NLA_F_NET_BYTEORDER flag. Sanity checks also added to prevent processing broken messages where mandatory attributes are missing. (Patrick McHardy's review)
Diffstat (limited to 'kernel/ip_set_bitmap_port.c')
-rw-r--r--kernel/ip_set_bitmap_port.c43
1 files changed, 21 insertions, 22 deletions
diff --git a/kernel/ip_set_bitmap_port.c b/kernel/ip_set_bitmap_port.c
index dfece55..17303c6 100644
--- a/kernel/ip_set_bitmap_port.c
+++ b/kernel/ip_set_bitmap_port.c
@@ -116,14 +116,14 @@ bitmap_port_uadt(struct ip_set *set, struct nlattr *head, int len,
bitmap_port_adt_policy))
return -IPSET_ERR_PROTOCOL;
+ if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
+ !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO)))
+ return -IPSET_ERR_PROTOCOL;
+
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
- if (tb[IPSET_ATTR_PORT])
- port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
- else
- return -IPSET_ERR_PROTOCOL;
-
+ port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
if (port < map->first_port || port > map->last_port)
return -IPSET_ERR_BITMAP_RANGE;
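Review bot: The new byte-order test sits above the `if (tb[IPSET_ATTR_LINENO])` read, so a message rejected for a missing or wrongly flagged `IPSET_ATTR_PORT` now returns `-IPSET_ERR_PROTOCOL` before `*lineno` is written; the old code stored the line number first and only then failed on the missing port. If the caller passes `*lineno` back to userspace on error (the caller is not visible here), this failure would no longer carry its line number. Moving `if (tb[IPSET_ATTR_LINENO]) *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);` ahead of the `unlikely(...)` test keeps the earlier behaviour. The same ordering appears in the bitmap_port_timeout_uadt hunk, and both function bodies start and end outside their hunks.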
@@ -347,14 +347,15 @@ bitmap_port_timeout_uadt(struct ip_set *set, struct nlattr *head, int len,
bitmap_port_adt_policy))
return -IPSET_ERR_PROTOCOL;
+ if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
+ !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) ||
+ !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
+ return -IPSET_ERR_PROTOCOL;
+
if (tb[IPSET_ATTR_LINENO])
*lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]);
- if (tb[IPSET_ATTR_PORT])
- port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
- else
- return -IPSET_ERR_PROTOCOL;
-
+ port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
if (port < map->first_port || port > map->last_port)
return -IPSET_ERR_BITMAP_RANGE;
@@ -568,21 +569,19 @@ bitmap_port_create(struct ip_set *set, struct nlattr *head, int len,
bitmap_port_create_policy))
return -IPSET_ERR_PROTOCOL;
- if (tb[IPSET_ATTR_PORT])
- first_port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
- else
+ if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) ||
+ !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) ||
+ !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT)))
return -IPSET_ERR_PROTOCOL;
- if (tb[IPSET_ATTR_PORT_TO]) {
- last_port = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
- if (first_port > last_port) {
- u16 tmp = first_port;
+ first_port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);
+ last_port = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
+ if (first_port > last_port) {
+ u16 tmp = first_port;
- first_port = last_port;
- last_port = tmp;
- }
- } else
- return -IPSET_ERR_PROTOCOL;
+ first_port = last_port;
+ last_port = tmp;
+ }
if (tb[IPSET_ATTR_TIMEOUT]) {
struct bitmap_port_timeout *map;
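Review bot: `first_port` and `last_port` are now read from `tb[IPSET_ATTR_PORT]` and `tb[IPSET_ATTR_PORT_TO]` without a local NULL test, so the only guard between an incomplete netlink message and a NULL attribute dereference is `ip_set_attr_netorder()` returning false for an absent entry. That helper is defined outside this page, so its presence check is assumed here rather than confirmed. A short comment above the two reads would pin the dependency, for example `/* ip_set_attr_netorder() above guarantees both attributes are present */`. The unconditional `port = ip_set_get_h16(tb[IPSET_ATTR_PORT]);` reads in the two uadt hunks rest on the same assumption, and bitmap_port_create continues past the end of this hunk.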