Hi Charlie,
2010/5/12 Charlie Brady <charlieb@xxxxxxxxxxxxxxxxxx>:
> On Wed, 12 May 2010, Daniel Borkmann wrote:
>> right, since it is checked for overflows, a misuse of this function
> Do you mean "is not checked"?
Well, currently it is checked whether the (unsigned) promisc counter
of a netdevice touches "roof" (-> UINT_MAX), but the other way round,
if it touches bottom leaves unchecked for now. So in short words if the
current promisc counter value is 3 and your inc value is -4 it "overflows"
and corrupts the counter value.
>> the other way round could end in a
>> mess, too. What do you think David?
>>
>> 2010/5/11 Emmanuel Roullit <emmanuel@xxxxxxxxxxxxxxx>:
>> > Signed-off-by: Emmanuel Roullit <emmanuel@xxxxxxxxxxxxxxx>
>> >
>> > diff --git a/net/core/dev.c b/net/core/dev.c
>> > index f769098..f49dbde 100644
>> > --- a/net/core/dev.c
>> > +++ b/net/core/dev.c
>> > @@ -3591,6 +3591,13 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc)
>> >
>> > ASSERT_RTNL();
>> >
>> > + if (inc < 0 && -inc > dev->promiscuity) {
>> > + printk(KERN_WARNING "%s: promiscuity touches bottom, "
>> > + "set promiscuity failed, promiscuity feature "
>> > + "of device might be broken.\n", dev->name);
>> > + return -EOVERFLOW;
>> > + }
>> > +
>> > dev->flags |= IFF_PROMISC;
>> > dev->promiscuity += inc;
>> > if (dev->promiscuity == 0) {
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
