From 13f42a71e49164769a98fc51033c65a211861404 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Thu, 20 Jan 2011 17:54:26 +0100 Subject: Enforce network-order data in the netlink protocol Allow only network-order data, with NLA_F_NET_BYTEORDER flag. Sanity checks also added to prevent processing broken messages where mandatory attributes are missing. (Patrick McHardy's review) --- kernel/ip_set_bitmap_port.c | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) (limited to 'kernel/ip_set_bitmap_port.c') diff --git a/kernel/ip_set_bitmap_port.c b/kernel/ip_set_bitmap_port.c index dfece55..17303c6 100644 --- a/kernel/ip_set_bitmap_port.c +++ b/kernel/ip_set_bitmap_port.c @@ -116,14 +116,14 @@ bitmap_port_uadt(struct ip_set *set, struct nlattr *head, int len, bitmap_port_adt_policy)) return -IPSET_ERR_PROTOCOL; + if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || + !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO))) + return -IPSET_ERR_PROTOCOL; + if (tb[IPSET_ATTR_LINENO]) *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); - if (tb[IPSET_ATTR_PORT]) - port = ip_set_get_h16(tb[IPSET_ATTR_PORT]); - else - return -IPSET_ERR_PROTOCOL; - + port = ip_set_get_h16(tb[IPSET_ATTR_PORT]); if (port < map->first_port || port > map->last_port) return -IPSET_ERR_BITMAP_RANGE; @@ -347,14 +347,15 @@ bitmap_port_timeout_uadt(struct ip_set *set, struct nlattr *head, int len, bitmap_port_adt_policy)) return -IPSET_ERR_PROTOCOL; + if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || + !ip_set_optattr_netorder(tb, IPSET_ATTR_PORT_TO) || + !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT))) + return -IPSET_ERR_PROTOCOL; + if (tb[IPSET_ATTR_LINENO]) *lineno = nla_get_u32(tb[IPSET_ATTR_LINENO]); - if (tb[IPSET_ATTR_PORT]) - port = ip_set_get_h16(tb[IPSET_ATTR_PORT]); - else - return -IPSET_ERR_PROTOCOL; - + port = ip_set_get_h16(tb[IPSET_ATTR_PORT]); if (port < map->first_port || port > map->last_port) return -IPSET_ERR_BITMAP_RANGE; @@ -568,21 +569,19 @@ bitmap_port_create(struct ip_set *set, struct nlattr *head, int len, bitmap_port_create_policy)) return -IPSET_ERR_PROTOCOL; - if (tb[IPSET_ATTR_PORT]) - first_port = ip_set_get_h16(tb[IPSET_ATTR_PORT]); - else + if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_PORT) || + !ip_set_attr_netorder(tb, IPSET_ATTR_PORT_TO) || + !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT))) return -IPSET_ERR_PROTOCOL; - if (tb[IPSET_ATTR_PORT_TO]) { - last_port = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]); - if (first_port > last_port) { - u16 tmp = first_port; + first_port = ip_set_get_h16(tb[IPSET_ATTR_PORT]); + last_port = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]); + if (first_port > last_port) { + u16 tmp = first_port; - first_port = last_port; - last_port = tmp; - } - } else - return -IPSET_ERR_PROTOCOL; + first_port = last_port; + last_port = tmp; + } if (tb[IPSET_ATTR_TIMEOUT]) { struct bitmap_port_timeout *map; -- cgit v1.2.3