提交 0ab03c2b 编写于 作者: J Jan Engelhardt 提交者: David S. Miller

netlink: test for all flags of the NLM_F_DUMP composite

Due to NLM_F_DUMP is composed of two bits, NLM_F_ROOT | NLM_F_MATCH,
when doing "if (x & NLM_F_DUMP)", it tests for _either_ of the bits
being set. Because NLM_F_MATCH's value overlaps with NLM_F_EXCL,
non-dump requests with NLM_F_EXCL set are mistaken as dump requests.

Substitute the condition to test for _all_ bits being set.
Signed-off-by: NJan Engelhardt <jengelh@medozas.de>
Acked-by: NPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 dba5a68a
...@@ -1820,7 +1820,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -1820,7 +1820,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN))
return -EPERM; return -EPERM;
if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { if (kind == 2 && (nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
struct sock *rtnl; struct sock *rtnl;
rtnl_dumpit_func dumpit; rtnl_dumpit_func dumpit;
......
...@@ -858,7 +858,7 @@ static int inet_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -858,7 +858,7 @@ static int inet_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
nlmsg_len(nlh) < hdrlen) nlmsg_len(nlh) < hdrlen)
return -EINVAL; return -EINVAL;
if (nlh->nlmsg_flags & NLM_F_DUMP) { if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
if (nlmsg_attrlen(nlh, hdrlen)) { if (nlmsg_attrlen(nlh, hdrlen)) {
struct nlattr *attr; struct nlattr *attr;
......
...@@ -928,7 +928,7 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb, ...@@ -928,7 +928,7 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
u16 zone; u16 zone;
int err; int err;
if (nlh->nlmsg_flags & NLM_F_DUMP) if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP)
return netlink_dump_start(ctnl, skb, nlh, ctnetlink_dump_table, return netlink_dump_start(ctnl, skb, nlh, ctnetlink_dump_table,
ctnetlink_done); ctnetlink_done);
...@@ -1790,7 +1790,7 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, ...@@ -1790,7 +1790,7 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
u16 zone; u16 zone;
int err; int err;
if (nlh->nlmsg_flags & NLM_F_DUMP) { if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
return netlink_dump_start(ctnl, skb, nlh, return netlink_dump_start(ctnl, skb, nlh,
ctnetlink_exp_dump_table, ctnetlink_exp_dump_table,
ctnetlink_exp_done); ctnetlink_exp_done);
......
...@@ -519,7 +519,7 @@ static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -519,7 +519,7 @@ static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
security_netlink_recv(skb, CAP_NET_ADMIN)) security_netlink_recv(skb, CAP_NET_ADMIN))
return -EPERM; return -EPERM;
if (nlh->nlmsg_flags & NLM_F_DUMP) { if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
if (ops->dumpit == NULL) if (ops->dumpit == NULL)
return -EOPNOTSUPP; return -EOPNOTSUPP;
......
...@@ -2187,7 +2187,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -2187,7 +2187,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) ||
type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) &&
(nlh->nlmsg_flags & NLM_F_DUMP)) { (nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
if (link->dump == NULL) if (link->dump == NULL)
return -EINVAL; return -EINVAL;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册