Merge branch 'net-tunnel-name-validate'
Eric Dumazet says: ==================== net: better validate user provided tunnel names This series changes dev_valid_name() to not attempt reading a possibly too long user-provided device name, then use this helper in five different tunnel providers. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
commit
d68a19f89b
|
|
@ -1027,7 +1027,7 @@ bool dev_valid_name(const char *name)
|
|||
{
|
||||
if (*name == '\0')
|
||||
return false;
|
||||
if (strlen(name) >= IFNAMSIZ)
|
||||
if (strnlen(name, IFNAMSIZ) == IFNAMSIZ)
|
||||
return false;
|
||||
if (!strcmp(name, ".") || !strcmp(name, ".."))
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -253,13 +253,14 @@ static struct net_device *__ip_tunnel_create(struct net *net,
|
|||
struct net_device *dev;
|
||||
char name[IFNAMSIZ];
|
||||
|
||||
if (parms->name[0])
|
||||
strlcpy(name, parms->name, IFNAMSIZ);
|
||||
else {
|
||||
if (strlen(ops->kind) > (IFNAMSIZ - 3)) {
|
||||
err = -E2BIG;
|
||||
err = -E2BIG;
|
||||
if (parms->name[0]) {
|
||||
if (!dev_valid_name(parms->name))
|
||||
goto failed;
|
||||
strlcpy(name, parms->name, IFNAMSIZ);
|
||||
} else {
|
||||
if (strlen(ops->kind) > (IFNAMSIZ - 3))
|
||||
goto failed;
|
||||
}
|
||||
strlcpy(name, ops->kind, IFNAMSIZ);
|
||||
strncat(name, "%d", 2);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -335,11 +335,13 @@ static struct ip6_tnl *ip6gre_tunnel_locate(struct net *net,
|
|||
if (t || !create)
|
||||
return t;
|
||||
|
||||
if (parms->name[0])
|
||||
if (parms->name[0]) {
|
||||
if (!dev_valid_name(parms->name))
|
||||
return NULL;
|
||||
strlcpy(name, parms->name, IFNAMSIZ);
|
||||
else
|
||||
} else {
|
||||
strcpy(name, "ip6gre%d");
|
||||
|
||||
}
|
||||
dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN,
|
||||
ip6gre_tunnel_setup);
|
||||
if (!dev)
|
||||
|
|
|
|||
|
|
@ -297,13 +297,16 @@ static struct ip6_tnl *ip6_tnl_create(struct net *net, struct __ip6_tnl_parm *p)
|
|||
struct net_device *dev;
|
||||
struct ip6_tnl *t;
|
||||
char name[IFNAMSIZ];
|
||||
int err = -ENOMEM;
|
||||
int err = -E2BIG;
|
||||
|
||||
if (p->name[0])
|
||||
if (p->name[0]) {
|
||||
if (!dev_valid_name(p->name))
|
||||
goto failed;
|
||||
strlcpy(name, p->name, IFNAMSIZ);
|
||||
else
|
||||
} else {
|
||||
sprintf(name, "ip6tnl%%d");
|
||||
|
||||
}
|
||||
err = -ENOMEM;
|
||||
dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN,
|
||||
ip6_tnl_dev_setup);
|
||||
if (!dev)
|
||||
|
|
|
|||
|
|
@ -212,10 +212,13 @@ static struct ip6_tnl *vti6_tnl_create(struct net *net, struct __ip6_tnl_parm *p
|
|||
char name[IFNAMSIZ];
|
||||
int err;
|
||||
|
||||
if (p->name[0])
|
||||
if (p->name[0]) {
|
||||
if (!dev_valid_name(p->name))
|
||||
goto failed;
|
||||
strlcpy(name, p->name, IFNAMSIZ);
|
||||
else
|
||||
} else {
|
||||
sprintf(name, "ip6_vti%%d");
|
||||
}
|
||||
|
||||
dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup);
|
||||
if (!dev)
|
||||
|
|
|
|||
|
|
@ -250,11 +250,13 @@ static struct ip_tunnel *ipip6_tunnel_locate(struct net *net,
|
|||
if (!create)
|
||||
goto failed;
|
||||
|
||||
if (parms->name[0])
|
||||
if (parms->name[0]) {
|
||||
if (!dev_valid_name(parms->name))
|
||||
goto failed;
|
||||
strlcpy(name, parms->name, IFNAMSIZ);
|
||||
else
|
||||
} else {
|
||||
strcpy(name, "sit%d");
|
||||
|
||||
}
|
||||
dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN,
|
||||
ipip6_tunnel_setup);
|
||||
if (!dev)
|
||||
|
|
|
|||
Loading…
Reference in New Issue