Commit 1b93ae64 authored by David S. Miller's avatar David S. Miller

[NET]: Validate socket filters against BPF_MAXINSNS in one spot.

Currently the checks are scattered all over and this leads
to inconsistencies and even cases where the check is not made.

Based upon a patch from Kris Katterjohn.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 6732bade
...@@ -524,9 +524,6 @@ static int get_filter(void __user *arg, struct sock_filter **p) ...@@ -524,9 +524,6 @@ static int get_filter(void __user *arg, struct sock_filter **p)
if (copy_from_user(&uprog, arg, sizeof(uprog))) if (copy_from_user(&uprog, arg, sizeof(uprog)))
return -EFAULT; return -EFAULT;
if (uprog.len > BPF_MAXINSNS)
return -EINVAL;
if (!uprog.len) { if (!uprog.len) {
*p = NULL; *p = NULL;
return 0; return 0;
......
...@@ -293,7 +293,7 @@ int sk_chk_filter(struct sock_filter *filter, int flen) ...@@ -293,7 +293,7 @@ int sk_chk_filter(struct sock_filter *filter, int flen)
struct sock_filter *ftest; struct sock_filter *ftest;
int pc; int pc;
if (((unsigned int)flen >= (~0U / sizeof(struct sock_filter))) || flen == 0) if (flen == 0 || flen > BPF_MAXINSNS)
return -EINVAL; return -EINVAL;
/* check the filter code now */ /* check the filter code now */
...@@ -360,7 +360,7 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) ...@@ -360,7 +360,7 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk)
int err; int err;
/* Make sure new filter is there and in the right amounts. */ /* Make sure new filter is there and in the right amounts. */
if (fprog->filter == NULL || fprog->len > BPF_MAXINSNS) if (fprog->filter == NULL)
return -EINVAL; return -EINVAL;
fp = sock_kmalloc(sk, fsize+sizeof(*fp), GFP_KERNEL); fp = sock_kmalloc(sk, fsize+sizeof(*fp), GFP_KERNEL);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment