netdev
[Top] [All Lists]

[PATCH] ax25 setsockopt(SO_BINDTODEVICE) bug fix

To: Jeroen Vreeken <pe1rxq@xxxxxxxxx>
Subject: [PATCH] ax25 setsockopt(SO_BINDTODEVICE) bug fix
From: Stephen Hemminger <shemminger@xxxxxxxx>
Date: Tue, 12 Aug 2003 17:19:26 -0700
Cc: linux-hams@xxxxxxxxxxxxxxx, ralf@xxxxxxxxxxxxxx, davem@xxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20030813010301.K28977@xxxxxxxxxxxxxxxxxxxxxx>
Organization: Open Source Development Lab
References: <20030812194653.A28977@xxxxxxxxxxxxxxxxxxxxxx> <20030812135655.7334887b.shemminger@xxxxxxxx> <20030812230951.E28977@xxxxxxxxxxxxxxxxxxxxxx> <20030812153901.6e700dcb.shemminger@xxxxxxxx> <20030813010301.K28977@xxxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
Fix the error path (and indentation) in the SO_BINDTODEVICE setsockopt.
As it was, a reference to the device was left hanging, and it would
not check to see if the device was really an AX25 device.

Found this with a simple test program on 2.6.0-test3 with your rqx4 patch.

--- ax25/net/ax25/af_ax25.c     2003-08-12 17:08:42.025816088 -0700
+++ linux-2.5-net/net/ax25/af_ax25.c    2003-08-12 16:47:07.802057749 -0700
                if (optlen > IFNAMSIZ)
                        optlen=IFNAMSIZ;
                if (copy_from_user(devname, optval, optlen)) {
-               res = -EFAULT;
+                       res = -EFAULT;
                        break;
                }
 
@@ -650,12 +650,14 @@ static int ax25_setsockopt(struct socket
                   (sock->state != SS_UNCONNECTED ||
                    sk->sk_state == TCP_LISTEN)) {
                        res = -EADDRNOTAVAIL;
-                       dev_put(dev);
-                       break;
                }
 
-               ax25->ax25_dev = ax25_dev_ax25dev(dev);
-               ax25_fillin_cb(ax25, ax25->ax25_dev);
+               else if ((ax25->ax25_dev = ax25_dev_ax25dev(dev)) == NULL)
+                       res = -EINVAL;
+               else 
+                       ax25_fillin_cb(ax25, ax25->ax25_dev);
+
+               dev_put(dev);
                break;
 
        default:

<Prev in Thread] Current Thread [Next in Thread>