提交
b2a9d7c2
编写于
4月 12, 2008
作者:
YOSHIFUJI Hideaki
[IPV6]: Check length of int/boolean optval provided by user in setsockopt().
Signed-off-by:
YOSHIFUJI Hideaki
<
yoshfuji@linux-ipv6.org
>
上级
a28398ba
Showing
1 changed file
with
61 addition
and
7 deletion
+61
-7
net/ipv6/ipv6_sockglue.c
net/ipv6/ipv6_sockglue.c
+61
-7
net/ipv6/ipv6_sockglue.c
...
@@ -16,7 +16,6 @@
...
@@ -16,7 +16,6 @@
*
*
* FIXME: Make the setsockopt code POSIX compliant: That is
* FIXME: Make the setsockopt code POSIX compliant: That is
*
*
* o Return -EINVAL for setsockopt of short lengths
* o Truncate getsockopt returns
* o Truncate getsockopt returns
* o Return an optlen of the truncated length if need be
* o Return an optlen of the truncated length if need be
*
*
...
@@ -114,8 +113,13 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -114,8 +113,13 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
if
(
optval
==
NULL
)
if
(
optval
==
NULL
)
val
=
0
;
val
=
0
;
else
if
(
get_user
(
val
,
(
int
__user
*
)
optval
))
else
{
return
-
EFAULT
;
if
(
optlen
>=
sizeof
(
int
))
{
if
(
get_user
(
val
,
(
int
__user
*
)
optval
))
return
-
EFAULT
;
}
else
val
=
0
;
}
valbool
=
(
val
!=
0
);
valbool
=
(
val
!=
0
);
...
@@ -127,6 +131,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -127,6 +131,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
switch
(
optname
)
{
switch
(
optname
)
{
case
IPV6_ADDRFORM
:
case
IPV6_ADDRFORM
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
if
(
val
==
PF_INET
)
{
if
(
val
==
PF_INET
)
{
struct
ipv6_txoptions
*
opt
;
struct
ipv6_txoptions
*
opt
;
struct
sk_buff
*
pktopt
;
struct
sk_buff
*
pktopt
;
...
@@ -201,63 +207,86 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -201,63 +207,86 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
goto
e_inval
;
goto
e_inval
;
case
IPV6_V6ONLY
:
case
IPV6_V6ONLY
:
if
(
inet_sk
(
sk
)
->
num
)
if
(
optlen
<
sizeof
(
int
)
||
inet_sk
(
sk
)
->
num
)
goto
e_inval
;
goto
e_inval
;
np
->
ipv6only
=
valbool
;
np
->
ipv6only
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_RECVPKTINFO
:
case
IPV6_RECVPKTINFO
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
rxinfo
=
valbool
;
np
->
rxopt
.
bits
.
rxinfo
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_2292PKTINFO
:
case
IPV6_2292PKTINFO
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
rxoinfo
=
valbool
;
np
->
rxopt
.
bits
.
rxoinfo
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_RECVHOPLIMIT
:
case
IPV6_RECVHOPLIMIT
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
rxhlim
=
valbool
;
np
->
rxopt
.
bits
.
rxhlim
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_2292HOPLIMIT
:
case
IPV6_2292HOPLIMIT
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
rxohlim
=
valbool
;
np
->
rxopt
.
bits
.
rxohlim
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_RECVRTHDR
:
case
IPV6_RECVRTHDR
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
srcrt
=
valbool
;
np
->
rxopt
.
bits
.
srcrt
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_2292RTHDR
:
case
IPV6_2292RTHDR
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
osrcrt
=
valbool
;
np
->
rxopt
.
bits
.
osrcrt
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_RECVHOPOPTS
:
case
IPV6_RECVHOPOPTS
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
hopopts
=
valbool
;
np
->
rxopt
.
bits
.
hopopts
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_2292HOPOPTS
:
case
IPV6_2292HOPOPTS
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
ohopopts
=
valbool
;
np
->
rxopt
.
bits
.
ohopopts
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_RECVDSTOPTS
:
case
IPV6_RECVDSTOPTS
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
dstopts
=
valbool
;
np
->
rxopt
.
bits
.
dstopts
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_2292DSTOPTS
:
case
IPV6_2292DSTOPTS
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
odstopts
=
valbool
;
np
->
rxopt
.
bits
.
odstopts
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_TCLASS
:
case
IPV6_TCLASS
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
if
(
val
<
-
1
||
val
>
0xff
)
if
(
val
<
-
1
||
val
>
0xff
)
goto
e_inval
;
goto
e_inval
;
np
->
tclass
=
val
;
np
->
tclass
=
val
;
...
@@ -265,11 +294,15 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -265,11 +294,15 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
break
;
break
;
case
IPV6_RECVTCLASS
:
case
IPV6_RECVTCLASS
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
rxtclass
=
valbool
;
np
->
rxopt
.
bits
.
rxtclass
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_FLOWINFO
:
case
IPV6_FLOWINFO
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
rxopt
.
bits
.
rxflow
=
valbool
;
np
->
rxopt
.
bits
.
rxflow
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
...
@@ -288,9 +321,9 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -288,9 +321,9 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
if
(
optname
!=
IPV6_RTHDR
&&
!
capable
(
CAP_NET_RAW
))
if
(
optname
!=
IPV6_RTHDR
&&
!
capable
(
CAP_NET_RAW
))
break
;
break
;
retv
=
-
EINVAL
;
if
(
optlen
<
sizeof
(
struct
ipv6_opt_hdr
)
||
if
(
optlen
&
0x7
||
optlen
>
8
*
255
)
optlen
&
0x7
||
optlen
>
8
*
255
)
break
;
goto
e_inval
;
opt
=
ipv6_renew_options
(
sk
,
np
->
opt
,
optname
,
opt
=
ipv6_renew_options
(
sk
,
np
->
opt
,
optname
,
(
struct
ipv6_opt_hdr
__user
*
)
optval
,
(
struct
ipv6_opt_hdr
__user
*
)
optval
,
...
@@ -408,6 +441,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -408,6 +441,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
break
;
break
;
}
}
case
IPV6_UNICAST_HOPS
:
case
IPV6_UNICAST_HOPS
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
if
(
val
>
255
||
val
<
-
1
)
if
(
val
>
255
||
val
<
-
1
)
goto
e_inval
;
goto
e_inval
;
np
->
hop_limit
=
val
;
np
->
hop_limit
=
val
;
...
@@ -417,6 +452,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -417,6 +452,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
case
IPV6_MULTICAST_HOPS
:
case
IPV6_MULTICAST_HOPS
:
if
(
sk
->
sk_type
==
SOCK_STREAM
)
if
(
sk
->
sk_type
==
SOCK_STREAM
)
goto
e_inval
;
goto
e_inval
;
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
if
(
val
>
255
||
val
<
-
1
)
if
(
val
>
255
||
val
<
-
1
)
goto
e_inval
;
goto
e_inval
;
np
->
mcast_hops
=
val
;
np
->
mcast_hops
=
val
;
...
@@ -424,6 +461,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -424,6 +461,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
break
;
break
;
case
IPV6_MULTICAST_LOOP
:
case
IPV6_MULTICAST_LOOP
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
mc_loop
=
valbool
;
np
->
mc_loop
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
...
@@ -431,6 +470,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -431,6 +470,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
case
IPV6_MULTICAST_IF
:
case
IPV6_MULTICAST_IF
:
if
(
sk
->
sk_type
==
SOCK_STREAM
)
if
(
sk
->
sk_type
==
SOCK_STREAM
)
goto
e_inval
;
goto
e_inval
;
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
if
(
val
)
{
if
(
val
)
{
if
(
sk
->
sk_bound_dev_if
&&
sk
->
sk_bound_dev_if
!=
val
)
if
(
sk
->
sk_bound_dev_if
&&
sk
->
sk_bound_dev_if
!=
val
)
...
@@ -591,27 +632,37 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -591,27 +632,37 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
break
;
break
;
}
}
case
IPV6_ROUTER_ALERT
:
case
IPV6_ROUTER_ALERT
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
retv
=
ip6_ra_control
(
sk
,
val
,
NULL
);
retv
=
ip6_ra_control
(
sk
,
val
,
NULL
);
break
;
break
;
case
IPV6_MTU_DISCOVER
:
case
IPV6_MTU_DISCOVER
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
if
(
val
<
0
||
val
>
3
)
if
(
val
<
0
||
val
>
3
)
goto
e_inval
;
goto
e_inval
;
np
->
pmtudisc
=
val
;
np
->
pmtudisc
=
val
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_MTU
:
case
IPV6_MTU
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
if
(
val
&&
val
<
IPV6_MIN_MTU
)
if
(
val
&&
val
<
IPV6_MIN_MTU
)
goto
e_inval
;
goto
e_inval
;
np
->
frag_size
=
val
;
np
->
frag_size
=
val
;
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_RECVERR
:
case
IPV6_RECVERR
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
recverr
=
valbool
;
np
->
recverr
=
valbool
;
if
(
!
val
)
if
(
!
val
)
skb_queue_purge
(
&
sk
->
sk_error_queue
);
skb_queue_purge
(
&
sk
->
sk_error_queue
);
retv
=
0
;
retv
=
0
;
break
;
break
;
case
IPV6_FLOWINFO_SEND
:
case
IPV6_FLOWINFO_SEND
:
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
np
->
sndflow
=
valbool
;
np
->
sndflow
=
valbool
;
retv
=
0
;
retv
=
0
;
break
;
break
;
...
@@ -631,6 +682,9 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
...
@@ -631,6 +682,9 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
unsigned
int
pref
=
0
;
unsigned
int
pref
=
0
;
unsigned
int
prefmask
=
~
0
;
unsigned
int
prefmask
=
~
0
;
if
(
optlen
<
sizeof
(
int
))
goto
e_inval
;
retv
=
-
EINVAL
;
retv
=
-
EINVAL
;
/* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */
/* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */
...
...
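Review bot: The rewritten length test in the sticky-options hunk (`@@ -288,9 +321,9`) now rejects `optlen == 0`, which the previous `optlen & 0x7 || optlen > 8 * 255` test let through to `ipv6_renew_options()`. If a zero length is how callers clear a previously set header (the code before this check is outside the hunk, so this is inferred), that request now ends at `e_inval` instead of being processed. Exempting zero keeps the new lower bound for every other length: `if (optlen && (optlen < sizeof(struct ipv6_opt_hdr) || optlen & 0x7 || optlen > 8 * 255)) goto e_inval;`. Separately, the prologue hunk (`@@ -114,8 +113,13`) sets `val = 0` for a short, non-NULL `optval` and relies on each `case` to reject it, so an int-valued option elsewhere in `do_ipv6_setsockopt()` that lacks the `optlen < sizeof(int)` test would silently act on zero. A comment at the prologue such as `/* short optlen leaves val == 0; every int/bool case must check optlen itself */` would make that contract visible to whoever adds the next option.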