From patchwork Thu Jan 22 09:58:19 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 431750 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 4B53F140284 for ; Thu, 22 Jan 2015 20:58:35 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752569AbbAVJ62 (ORCPT ); Thu, 22 Jan 2015 04:58:28 -0500 Received: from mx1.redhat.com ([209.132.183.28]:40872 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752244AbbAVJ60 (ORCPT ); Thu, 22 Jan 2015 04:58:26 -0500 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t0M9wOOG008370 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 22 Jan 2015 04:58:24 -0500 Received: from localhost (vpn1-6-187.ams2.redhat.com [10.36.6.187]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t0M9wNTO031840; Thu, 22 Jan 2015 04:58:23 -0500 From: Daniel Borkmann To: davem@davemloft.net Cc: jiri@resnulli.us, netdev@vger.kernel.org Subject: [PATCH net-next 2/2] net: act_bpf: fix size mismatch on filter preparation Date: Thu, 22 Jan 2015 10:58:19 +0100 Message-Id: <1421920699-26556-3-git-send-email-dborkman@redhat.com> In-Reply-To: <1421920699-26556-1-git-send-email-dborkman@redhat.com> References: <1421920699-26556-1-git-send-email-dborkman@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Similarly as in cls_bpf, also this code needs to reject mismatches. Reference: http://article.gmane.org/gmane.linux.network/347406 Fixes: d23b8ad8ab23 ("tc: add BPF based action") Signed-off-by: Daniel Borkmann Acked-by: Jiri Pirko Acked-by: Alexei Starovoitov --- net/sched/act_bpf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/sched/act_bpf.c b/net/sched/act_bpf.c index 1bd257e..82c5d7f 100644 --- a/net/sched/act_bpf.c +++ b/net/sched/act_bpf.c @@ -122,6 +122,9 @@ static int tcf_bpf_init(struct net *net, struct nlattr *nla, return -EINVAL; bpf_size = bpf_num_ops * sizeof(*bpf_ops); + if (bpf_size != nla_len(tb[TCA_ACT_BPF_OPS])) + return -EINVAL; + bpf_ops = kzalloc(bpf_size, GFP_KERNEL); if (!bpf_ops) return -ENOMEM;