diff options
| author |   Jakub Kicinski <kuba@kernel.org> | 2022-03-10 20:15:29 -0800 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2022-03-10 20:15:30 -0800 |
| commit | 462248536174d95c69e5013f95cf4243cee686e6 (patch) | |
| tree | f2284583cd179aa85c97b4f0439c6af6d4414387 | |
| parent | net: openvswitch: fix uAPI incompatibility with existing user space (diff) | |
| parent | net: limit altnames to 64k total (diff) | |
| download | linux-dev-462248536174d95c69e5013f95cf4243cee686e6.tar.xz linux-dev-462248536174d95c69e5013f95cf4243cee686e6.zip | |
Merge branch 'net-control-the-length-of-the-altname-list'
Jakub Kicinski says:
====================
net: control the length of the altname list
Count the memory used for altnames and don't let user
overflow the property nlattr. This was reported by George:
https://lore.kernel.org/all/3e564baf-a1dd-122e-2882-ff143f7eb578@gmail.com/
====================
Link: https://lore.kernel.org/r/20220309182914.423834-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
| -rw-r--r-- | net/core/rtnetlink.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index a759f9e0a847..159c9c61e6af 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -3652,13 +3652,24 @@ static int rtnl_alt_ifname(int cmd, struct net_device *dev, struct nlattr *attr, bool *changed, struct netlink_ext_ack *extack) { char *alt_ifname; + size_t size; int err; err = nla_validate(attr, attr->nla_len, IFLA_MAX, ifla_policy, extack); if (err) return err; - alt_ifname = nla_strdup(attr, GFP_KERNEL); + if (cmd == RTM_NEWLINKPROP) { + size = rtnl_prop_list_size(dev); + size += nla_total_size(ALTIFNAMSIZ); + if (size >= U16_MAX) { + NL_SET_ERR_MSG(extack, + "effective property list too long"); + return -EINVAL; + } + } + + alt_ifname = nla_strdup(attr, GFP_KERNEL_ACCOUNT); if (!alt_ifname) return -ENOMEM; |