diff options
author | Thomas Graf <tgraf@suug.ch> | 2007-03-24 20:32:54 -0700 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-03-25 18:48:03 -0700 |
commit | a0ee18b9b7d3847976c6fb315c06a34fb296de0e (patch) | |
tree | 5ebef9a68b3aba01c0d8b3285429ae47bb287c9a /net/ipv4/fib_frontend.c | |
parent | 954b2e7f4c37cbcdcf4ca7ac47524f3f6bf30119 (diff) | |
download | lwn-a0ee18b9b7d3847976c6fb315c06a34fb296de0e.tar.gz lwn-a0ee18b9b7d3847976c6fb315c06a34fb296de0e.zip |
[IPv4] fib: Fix out of bound access of fib_props[]
Fixes a typo which caused fib_props[] to have the wrong size
and makes sure the value used to index the array which is
provided by userspace via netlink is checked to avoid out of
bound access.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/fib_frontend.c')
-rw-r--r-- | net/ipv4/fib_frontend.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 1fba6439fc57..fc920f63452b 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -493,6 +493,11 @@ static int rtm_to_fib_config(struct sk_buff *skb, struct nlmsghdr *nlh, cfg->fc_nlinfo.pid = NETLINK_CB(skb).pid; cfg->fc_nlinfo.nlh = nlh; + if (cfg->fc_type > RTN_MAX) { + err = -EINVAL; + goto errout; + } + nlmsg_for_each_attr(attr, nlh, sizeof(struct rtmsg), remaining) { switch (attr->nla_type) { case RTA_DST: |