Message-Id: <20170516084840.21432-1-tobias.jungel@bisdn.de> Date: Tue, 16 May 2017 10:48:40 +0200 From: Tobias Jungel <tobias.jungel@...dn.de> To: Sabrina Dubroca <sd@...asysnail.net>, Nikolay Aleksandrov <nikolay@...ulusnetworks.com>, Stephen Hemminger <stephen@...workplumber.org>, "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org Subject: [PATCH v3] bridge: netlink: check vlan_default_pvid range Currently it is allowed to set the default pvid of a bridge to a value above VLAN_VID_MASK (0xfff). This patch adds a check to br_validate and returns -EINVAL in case the pvid is out of bounds. Reproduce by calling: [root@...t ~]# ip l a type bridge [root@...t ~]# ip l a type dummy [root@...t ~]# ip l s bridge0 type bridge vlan_filtering 1 [root@...t ~]# ip l s bridge0 type bridge vlan_default_pvid 9999 [root@...t ~]# ip l s dummy0 master bridge0 [root@...t ~]# bridge vlan port vlan ids bridge0 9999 PVID Egress Untagged dummy0 9999 PVID Egress Untagged Fixes: 0f963b7592ef ("bridge: netlink: add support for default_pvid") Signed-off-by: Tobias Jungel <tobias.jungel@...dn.de> --- net/bridge/br_netlink.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index c5ce774..47cb95b 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -835,6 +835,12 @@ static int br_validate(struct nlattr *tb[], struct nlattr *data[]) return -EPROTONOSUPPORT; } } + + if (data[IFLA_BR_VLAN_DEFAULT_PVID]) { + __u16 defpvid = nla_get_u16(data[IFLA_BR_VLAN_DEFAULT_PVID]); + if (defpvid >= VLAN_VID_MASK) + return -EINVAL; + } #endif return 0; -- 2.9.4
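Review bot: The bound in the added check, `if (defpvid >= VLAN_VID_MASK)`, does not match the commit message: the message describes rejecting values above VLAN_VID_MASK (0xfff), while `>=` also rejects 0xfff itself. If excluding 4095 is intended (it is a reserved VID in 802.1Q), say so in the commit message or in a short comment above the check; otherwise the comparison should be `>`. Kernel coding style also asks for a blank line between the `__u16 defpvid = ...` declaration and the `if` that follows it.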