提交 dfffc97d 编写于 作者: L Lorenzo Bianconi 提交者: David S. Miller

l2tp: double-check l2specific_type provided by userspace

Add sanity check on l2specific_type provided by userspace in
l2tp_nl_cmd_session_create() since just L2TP_L2SPECTYPE_DEFAULT and
L2TP_L2SPECTYPE_NONE are currently supported.
Moreover explicitly set l2specific_type to L2TP_L2SPECTYPE_DEFAULT
only if the userspace does not provide a value for it
Reviewed-by: NGuillaume Nault <g.nault@alphalink.fr>
Tested-by: NGuillaume Nault <g.nault@alphalink.fr>
Signed-off-by: NLorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 e0e8a149
...@@ -550,9 +550,16 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf ...@@ -550,9 +550,16 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
if (info->attrs[L2TP_ATTR_DATA_SEQ]) if (info->attrs[L2TP_ATTR_DATA_SEQ])
cfg.data_seq = nla_get_u8(info->attrs[L2TP_ATTR_DATA_SEQ]); cfg.data_seq = nla_get_u8(info->attrs[L2TP_ATTR_DATA_SEQ]);
cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT; if (info->attrs[L2TP_ATTR_L2SPEC_TYPE]) {
if (info->attrs[L2TP_ATTR_L2SPEC_TYPE])
cfg.l2specific_type = nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_TYPE]); cfg.l2specific_type = nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_TYPE]);
if (cfg.l2specific_type != L2TP_L2SPECTYPE_DEFAULT &&
cfg.l2specific_type != L2TP_L2SPECTYPE_NONE) {
ret = -EINVAL;
goto out_tunnel;
}
} else {
cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT;
}
cfg.l2specific_len = 4; cfg.l2specific_len = 4;
if (info->attrs[L2TP_ATTR_L2SPEC_LEN]) if (info->attrs[L2TP_ATTR_L2SPEC_LEN])
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册