netdev
[Top] [All Lists]

[PATCH 2.6 NET] Catch wrong RTATTR_MAX with BUG()

To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: [PATCH 2.6 NET] Catch wrong RTATTR_MAX with BUG()
From: Thomas Graf <tgraf@xxxxxxx>
Date: Thu, 9 Sep 2004 18:43:46 +0200
Cc: netdev@xxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
Catches outdated/invalid RTATTR_MAX and therefore avoids possible stack
corruption.

Signed-off-by: Thomas Graf <tgraf@xxxxxxx>

--- linux-2.6.9-rc1-bk15.orig/net/core/rtnetlink.c      2004-09-08 
18:33:42.000000000 +0200
+++ linux-2.6.9-rc1-bk15/net/core/rtnetlink.c   2004-09-09 18:18:22.000000000 
+0200
@@ -450,6 +450,9 @@
        sz_idx = type>>2;
        kind = type&3;
 
+       if (RTATTR_MAX < rta_max[sz_idx])
+               BUG();
+
        if (kind != 2 && security_netlink_recv(skb)) {
                *errp = -EPERM;
                return -1;

<Prev in Thread] Current Thread [Next in Thread>