[NET]: Validate socket filters against BPF_MAXINSNS in one spot.

Currently the checks are scattered all over and this leads to inconsistencies and even cases where the check is not made. Based upon a patch from Kris Katterjohn. Signed-off-by: N David S. Miller <davem@davemloft.net>

[NET]: Validate socket filters against BPF_MAXINSNS in one spot.
Currently the checks are scattered all over and this leads to inconsistencies and even cases where the check is not made. Based upon a patch from Kris Katterjohn. Signed-off-by: N David S. Miller <davem@davemloft.net>
1b93ae64 · David S. Miller · 6732bade · 1b93ae64 · 1b93ae64
隐藏空白更改
内联并排

Showing with 2 addition and 5 deletion

drivers/net/ppp_generic.c drivers/net/ppp_generic.c +0 -3

net/core/filter.c net/core/filter.c +2 -2

未找到文件。
--- a/drivers/net/ppp_generic.c
+++ b/drivers/net/ppp_generic.c
@@ -524,9 +524,6 @@ static int get_filter(void __user *arg, struct sock_filter **p)
 	if (copy_from_user(&uprog, arg, sizeof(uprog)))
 		return -EFAULT;

-	if (uprog.len > BPF_MAXINSNS)
-		return -EINVAL;
-
 	if (!uprog.len) {
 		*p = NULL;
 		return 0;

--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -293,7 +293,7 @@ int sk_chk_filter(struct sock_filter *filter, int flen)
 	struct sock_filter *ftest;
 	int pc;

-	if (((unsigned int)flen >= (~0U / sizeof(struct sock_filter))) || flen == 0)
+	if (flen == 0 || flen > BPF_MAXINSNS)
 		return -EINVAL;

 	/* check the filter code now */
@@ -360,7 +360,7 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk)
 	int err;

 	/* Make sure new filter is there and in the right amounts. */
-        if (fprog->filter == NULL || fprog->len > BPF_MAXINSNS)
+        if (fprog->filter == NULL)
                return -EINVAL;

 	fp = sock_kmalloc(sk, fsize+sizeof(*fp), GFP_KERNEL);