Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1b93ae64 authored Dec 27, 2005 by David S. Miller

[NET]: Validate socket filters against BPF_MAXINSNS in one spot.



Currently the checks are scattered all over and this leads
to inconsistencies and even cases where the check is not made.

Based upon a patch from Kris Katterjohn.

Signed-off-by: David S. Miller <davem@davemloft.net>

parent 6732bade

drivers/net/ppp_generic.c

+0 −3

Original line number	Diff line number	Diff line
		@@ -524,9 +524,6 @@ static int get_filter(void __user arg, struct sock_filter *p)
		if (copy_from_user(&uprog, arg, sizeof(uprog)))
		return -EFAULT;

		if (uprog.len > BPF_MAXINSNS)
		return -EINVAL;

		if (!uprog.len) {
		*p = NULL;
		return 0;

net/core/filter.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -293,7 +293,7 @@ int sk_chk_filter(struct sock_filter *filter, int flen)
		struct sock_filter *ftest;
		int pc;

		if (((unsigned int)flen >= (~0U / sizeof(struct sock_filter))) \|\| flen == 0)
		if (flen == 0 \|\| flen > BPF_MAXINSNS)
		return -EINVAL;

		/* check the filter code now */
		@@ -360,7 +360,7 @@ int sk_attach_filter(struct sock_fprog fprog, struct sock sk)
		int err;

		/* Make sure new filter is there and in the right amounts. */
		if (fprog->filter == NULL \|\| fprog->len > BPF_MAXINSNS)
		if (fprog->filter == NULL)
		return -EINVAL;

		fp = sock_kmalloc(sk, fsize+sizeof(*fp), GFP_KERNEL);