| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20090609085408.9b38ffe1.usui@mxm.nes.nec.co.jp>
Date: Tue, 9 Jun 2009 08:54:08 +0900
From: Minoru Usui <usui@....nes.nec.co.jp>
To: containers@...ts.linux-foundation.org, netdev@...r.kernel.org
Cc: tgraf@...g.ch, hadi@...erus.ca, jarkao2@...il.com
Subject: [PATCH 1/1] cls_cgroup: Fix oops when user send improperly 'tc
filter add' request
cls_cgroup: Fix oops when user send improperly 'tc filter add' request
I found a bug in cls_cgroup_change() in cls_cgroup.c.
cls_cgroup_change() expected tca[TCA_OPTIONS] was set from user space properly,
but tc in iproute2-2.6.29-1 (which I used) didn't set it.
In the current source code of tc in git, it set tca[TCA_OPTIONS].
git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
If we always use a newest iproute2 in git when we use cls_cgroup,
we don't face this oops probably.
But I think, kernel shouldn't panic regardless of use program's behaviour.
Signed-off-by: Minoru Usui <usui@....nes.nec.co.jp>
diff --git a/net/sched/cls_cgroup.c b/net/sched/cls_cgroup.c
index cc29b44..2ec0adc 100644
--- a/net/sched/cls_cgroup.c
+++ b/net/sched/cls_cgroup.c
@@ -167,6 +167,9 @@ static int cls_cgroup_change(struct tcf_proto *tp, unsigned long base,
struct tcf_exts e;
int err;
+ if (!tca[TCA_OPTIONS])
+ return -EINVAL;
+
if (head == NULL) {
if (!handle)
return -EINVAL;
--
Minoru Usui <usui@....nes.nec.co.jp>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists