diff options
author | Xin Long <lucien.xin@gmail.com> | 2019-11-21 11:14:50 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-11-21 20:47:39 +0100 |
commit | 1841b9829903c82e0445032ad4a7556fcc44a497 (patch) | |
tree | 2911c68138c4e298783e4f442eca5eccbc1f0bef /net/ipv4/ip_tunnel_core.c | |
parent | lwtunnel: be STRICT to validate the new LWTUNNEL_IP(6)_OPTS (diff) | |
download | linux-1841b9829903c82e0445032ad4a7556fcc44a497.tar.xz linux-1841b9829903c82e0445032ad4a7556fcc44a497.zip |
lwtunnel: check erspan options before allocating tun_info
As Jakub suggested on another patch, it's better to do the check
on erspan options before allocating memory.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/ip_tunnel_core.c')
-rw-r--r-- | net/ipv4/ip_tunnel_core.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c index 0a7eaadc9a8d..47f8b947eef1 100644 --- a/net/ipv4/ip_tunnel_core.c +++ b/net/ipv4/ip_tunnel_core.c @@ -321,6 +321,7 @@ static int ip_tun_parse_opts_erspan(struct nlattr *attr, { struct nlattr *tb[LWTUNNEL_IP_OPT_ERSPAN_MAX + 1]; int err; + u8 ver; err = nla_parse_nested(tb, LWTUNNEL_IP_OPT_ERSPAN_MAX, attr, erspan_opt_policy, extack); @@ -330,24 +331,31 @@ static int ip_tun_parse_opts_erspan(struct nlattr *attr, if (!tb[LWTUNNEL_IP_OPT_ERSPAN_VER]) return -EINVAL; + ver = nla_get_u8(tb[LWTUNNEL_IP_OPT_ERSPAN_VER]); + if (ver == 1) { + if (!tb[LWTUNNEL_IP_OPT_ERSPAN_INDEX]) + return -EINVAL; + } else if (ver == 2) { + if (!tb[LWTUNNEL_IP_OPT_ERSPAN_DIR] || + !tb[LWTUNNEL_IP_OPT_ERSPAN_HWID]) + return -EINVAL; + } else { + return -EINVAL; + } + if (info) { struct erspan_metadata *md = ip_tunnel_info_opts(info) + opts_len; - attr = tb[LWTUNNEL_IP_OPT_ERSPAN_VER]; - md->version = nla_get_u8(attr); - - if (md->version == 1 && tb[LWTUNNEL_IP_OPT_ERSPAN_INDEX]) { + md->version = ver; + if (ver == 1) { attr = tb[LWTUNNEL_IP_OPT_ERSPAN_INDEX]; md->u.index = nla_get_be32(attr); - } else if (md->version == 2 && tb[LWTUNNEL_IP_OPT_ERSPAN_DIR] && - tb[LWTUNNEL_IP_OPT_ERSPAN_HWID]) { + } else { attr = tb[LWTUNNEL_IP_OPT_ERSPAN_DIR]; md->u.md2.dir = nla_get_u8(attr); attr = tb[LWTUNNEL_IP_OPT_ERSPAN_HWID]; set_hwid(&md->u.md2, nla_get_u8(attr)); - } else { - return -EINVAL; } info->key.tun_flags |= TUNNEL_ERSPAN_OPT; |