On Thu, Jan 24, 2013 at 09:22:56AM +0100, walter harms wrote:
>
>
> Am 24.01.2013 07:38, schrieb Dan Carpenter:
> > We did this for IPv4 in b49d3c1e1c "net: ipmr: limit MRT_TABLE
> > identifiers" but we need to do it for IPv6 as well. On IPv6 the name
> > is "pim6reg" instead of "pimreg" so there is one less digit allowed.
> >
> > The strcpy() is in ip6mr_reg_vif().
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> >
> > diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
> > index acc3249..351ce98 100644
> > --- a/net/ipv6/ip6mr.c
> > +++ b/net/ipv6/ip6mr.c
> > @@ -1766,6 +1766,9 @@ int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, uns
> > return -EINVAL;
> > if (get_user(v, (u32 __user *)optval))
> > return -EFAULT;
> > + /* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
> > + if (v != RT_TABLE_DEFAULT && v >= 100000000)
> > + return -EINVAL;
> > if (sk == mrt->mroute6_sk)
> > return -EBUSY;
> >
> hi Dan,
> that comment left me in a bit confused, i guess you men
> printf( "pim6reg%u",v) should not exceed IFNAMSIZ (16 bytes) ?
Yes.
> also the if is a bit strange, i assume that RT_TABLE_DEFAULT is const
> so anything else is rejected than v==RT_TABLE_DEFAULT
> (assuming that RT_TABLE_DEFAULT >= 100000000 ....)
I don't understand what you are saying.
The patch is basically copy and pasted from b49d3c1e1c "net: ipmr:
limit MRT_TABLE identifiers". RT6_TABLE_DFLT is allowed to be a
high number because in ip6mr_reg_vif() we do:
if (mrt->id == RT6_TABLE_DFLT)
sprintf(name, "pim6reg");
else
sprintf(name, "pim6reg%u", mrt->id);
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
