Skip to content

Commit 8d49953

Browse files
dcarattidavem330
dcaratti
authored and
davem330
committed
net/sched: act_simple: fix parsing of TCA_DEF_DATA
use nla_strlcpy() to avoid copying data beyond the length of TCA_DEF_DATA netlink attribute, in case it is less than SIMP_MAX_DATA and it does not end with '\0' character. v2: fix errors in the commit message, thanks Hangbin Liu Fixes: fa1b1cf ("net_cls_act: Make act_simple use of netlink policy.") Signed-off-by: Davide Caratti <[email protected]> Reviewed-by: Simon Horman <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent 6310a88 commit 8d49953

File tree

1 file changed

+6
-9
lines changed

1 file changed

+6
-9
lines changed

net/sched/act_simple.c

Lines changed: 6 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -53,22 +53,22 @@ static void tcf_simp_release(struct tc_action *a)
5353
kfree(d->tcfd_defdata);
5454
}
5555

56-
static int alloc_defdata(struct tcf_defact *d, char *defdata)
56+
static int alloc_defdata(struct tcf_defact *d, const struct nlattr *defdata)
5757
{
5858
d->tcfd_defdata = kzalloc(SIMP_MAX_DATA, GFP_KERNEL);
5959
if (unlikely(!d->tcfd_defdata))
6060
return -ENOMEM;
61-
strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
61+
nla_strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
6262
return 0;
6363
}
6464

65-
static void reset_policy(struct tcf_defact *d, char *defdata,
65+
static void reset_policy(struct tcf_defact *d, const struct nlattr *defdata,
6666
struct tc_defact *p)
6767
{
6868
spin_lock_bh(&d->tcf_lock);
6969
d->tcf_action = p->action;
7070
memset(d->tcfd_defdata, 0, SIMP_MAX_DATA);
71-
strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
71+
nla_strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
7272
spin_unlock_bh(&d->tcf_lock);
7373
}
7474

@@ -87,7 +87,6 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla,
8787
struct tcf_defact *d;
8888
bool exists = false;
8989
int ret = 0, err;
90-
char *defdata;
9190

9291
if (nla == NULL)
9392
return -EINVAL;
@@ -110,16 +109,14 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla,
110109
return -EINVAL;
111110
}
112111

113-
defdata = nla_data(tb[TCA_DEF_DATA]);
114-
115112
if (!exists) {
116113
ret = tcf_idr_create(tn, parm->index, est, a,
117114
&act_simp_ops, bind, false);
118115
if (ret)
119116
return ret;
120117

121118
d = to_defact(*a);
122-
ret = alloc_defdata(d, defdata);
119+
ret = alloc_defdata(d, tb[TCA_DEF_DATA]);
123120
if (ret < 0) {
124121
tcf_idr_release(*a, bind);
125122
return ret;
@@ -133,7 +130,7 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla,
133130
if (!ovr)
134131
return -EEXIST;
135132

136-
reset_policy(d, defdata, parm);
133+
reset_policy(d, tb[TCA_DEF_DATA], parm);
137134
}
138135

139136
if (ret == ACT_P_CREATED)

0 commit comments

Comments
 (0)