From: Christoph Schulz <develop@xxxxxxxxxx>
Date: Wed, 16 Jul 2014 22:10:29 +0200
> From: Christoph Schulz <develop@xxxxxxxxxx>
>
> Commit 568f194e8bd16c353ad50f9ab95d98b20578a39d ("net: ppp: use
> sk_unattached_filter api") inadvertently changed the logic when setting
> PPP pass and active filters. This applies to both the generic PPP subsystem
> implemented by drivers/net/ppp/ppp_generic.c and the ISDN PPP subsystem
> implemented by drivers/isdn/i4l/isdn_ppp.c. The original code in ppp_ioctl()
> (or isdn_ppp_ioctl(), resp.) handling PPPIOCSPASS and PPPIOCSACTIVE allowed to
> remove a pass/active filter previously set by using a filter of length zero.
> However, with the new code this is not possible anymore as this case is not
> explicitly checked for, which leads to passing NULL as a filter to
> sk_unattached_filter_create(). This results in returning EINVAL to the caller.
>
> Additionally, the variables ppp->pass_filter and ppp->active_filter (or
> is->pass_filter and is->active_filter, resp.) are not reset to NULL, although
> the filters they point to may have been destroyed by
> sk_unattached_filter_destroy(), so in this EINVAL case dangling pointers are
> left behind (provided the pointers were previously non-NULL).
>
> This patch corrects both problems by checking whether the filter passed is
> empty or non-empty, and prevents sk_unattached_filter_create() from being
> called in the first case. Moreover, the pointers are always reset to NULL
> as soon as sk_unattached_filter_destroy() returns.
>
> Signed-off-by: Christoph Schulz <develop@xxxxxxxxxx>
Applied and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
