Staging: batman-adv: protect against ogm packet overflow by checking table length
Reported-by: Sam Yeung <sam.cwyeung@gmail.com> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: Sven Eckelmann <sven.eckelmann@gmx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
Marek Lindner
Greg Kroah-Hartman
parent
3c45603024
commit
24fb009bae
|
|
@ -59,6 +59,7 @@ void hna_local_add(struct net_device *soft_iface, uint8_t *addr)
|
||||||
struct hna_global_entry *hna_global_entry;
|
struct hna_global_entry *hna_global_entry;
|
||||||
struct hashtable_t *swaphash;
|
struct hashtable_t *swaphash;
|
||||||
unsigned long flags;
|
unsigned long flags;
|
||||||
|
int required_bytes;
|
||||||
|
|
||||||
spin_lock_irqsave(&bat_priv->hna_lhash_lock, flags);
|
spin_lock_irqsave(&bat_priv->hna_lhash_lock, flags);
|
||||||
hna_local_entry =
|
hna_local_entry =
|
||||||
|
|
@ -74,8 +75,12 @@ void hna_local_add(struct net_device *soft_iface, uint8_t *addr)
|
||||||
/* only announce as many hosts as possible in the batman-packet and
|
/* only announce as many hosts as possible in the batman-packet and
|
||||||
space in batman_packet->num_hna That also should give a limit to
|
space in batman_packet->num_hna That also should give a limit to
|
||||||
MAC-flooding. */
|
MAC-flooding. */
|
||||||
if ((bat_priv->num_local_hna + 1 > (ETH_DATA_LEN - BAT_PACKET_LEN)
|
required_bytes = (bat_priv->num_local_hna + 1) * ETH_ALEN;
|
||||||
/ ETH_ALEN) ||
|
required_bytes += BAT_PACKET_LEN;
|
||||||
|
|
||||||
|
if ((required_bytes > ETH_DATA_LEN) ||
|
||||||
|
(atomic_read(&bat_priv->aggregation_enabled) &&
|
||||||
|
required_bytes > MAX_AGGREGATION_BYTES) ||
|
||||||
(bat_priv->num_local_hna + 1 > 255)) {
|
(bat_priv->num_local_hna + 1 > 255)) {
|
||||||
bat_dbg(DBG_ROUTES, bat_priv,
|
bat_dbg(DBG_ROUTES, bat_priv,
|
||||||
"Can't add new local hna entry (%pM): "
|
"Can't add new local hna entry (%pM): "
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue