can: gw: Use nla_policy to validate netlink attributes
Also use nla_get_u32() instead of nla_memcpy() to access u32 attribtues. Signed-off-by: Thomas Graf <tgraf@suug.ch> Tested-by: Oliver Hartkopp <socketcan@hartkopp.net> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
This commit is contained in:
parent
6eaf53ca7b
commit
732d35fd08
47
net/can/gw.c
47
net/can/gw.c
|
@ -558,6 +558,18 @@ cont:
|
||||||
return skb->len;
|
return skb->len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const struct nla_policy cgw_policy[CGW_MAX+1] = {
|
||||||
|
[CGW_MOD_AND] = { .len = sizeof(struct cgw_frame_mod) },
|
||||||
|
[CGW_MOD_OR] = { .len = sizeof(struct cgw_frame_mod) },
|
||||||
|
[CGW_MOD_XOR] = { .len = sizeof(struct cgw_frame_mod) },
|
||||||
|
[CGW_MOD_SET] = { .len = sizeof(struct cgw_frame_mod) },
|
||||||
|
[CGW_CS_XOR] = { .len = sizeof(struct cgw_csum_xor) },
|
||||||
|
[CGW_CS_CRC8] = { .len = sizeof(struct cgw_csum_crc8) },
|
||||||
|
[CGW_SRC_IF] = { .type = NLA_U32 },
|
||||||
|
[CGW_DST_IF] = { .type = NLA_U32 },
|
||||||
|
[CGW_FILTER] = { .len = sizeof(struct can_filter) },
|
||||||
|
};
|
||||||
|
|
||||||
/* check for common and gwtype specific attributes */
|
/* check for common and gwtype specific attributes */
|
||||||
static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
|
static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
|
||||||
u8 gwtype, void *gwtypeattr)
|
u8 gwtype, void *gwtypeattr)
|
||||||
|
@ -570,14 +582,14 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
|
||||||
/* initialize modification & checksum data space */
|
/* initialize modification & checksum data space */
|
||||||
memset(mod, 0, sizeof(*mod));
|
memset(mod, 0, sizeof(*mod));
|
||||||
|
|
||||||
err = nlmsg_parse(nlh, sizeof(struct rtcanmsg), tb, CGW_MAX, NULL);
|
err = nlmsg_parse(nlh, sizeof(struct rtcanmsg), tb, CGW_MAX,
|
||||||
|
cgw_policy);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
/* check for AND/OR/XOR/SET modifications */
|
/* check for AND/OR/XOR/SET modifications */
|
||||||
|
|
||||||
if (tb[CGW_MOD_AND] &&
|
if (tb[CGW_MOD_AND]) {
|
||||||
nla_len(tb[CGW_MOD_AND]) == CGW_MODATTR_LEN) {
|
|
||||||
nla_memcpy(&mb, tb[CGW_MOD_AND], CGW_MODATTR_LEN);
|
nla_memcpy(&mb, tb[CGW_MOD_AND], CGW_MODATTR_LEN);
|
||||||
|
|
||||||
canframecpy(&mod->modframe.and, &mb.cf);
|
canframecpy(&mod->modframe.and, &mb.cf);
|
||||||
|
@ -593,8 +605,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
|
||||||
mod->modfunc[modidx++] = mod_and_data;
|
mod->modfunc[modidx++] = mod_and_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tb[CGW_MOD_OR] &&
|
if (tb[CGW_MOD_OR]) {
|
||||||
nla_len(tb[CGW_MOD_OR]) == CGW_MODATTR_LEN) {
|
|
||||||
nla_memcpy(&mb, tb[CGW_MOD_OR], CGW_MODATTR_LEN);
|
nla_memcpy(&mb, tb[CGW_MOD_OR], CGW_MODATTR_LEN);
|
||||||
|
|
||||||
canframecpy(&mod->modframe.or, &mb.cf);
|
canframecpy(&mod->modframe.or, &mb.cf);
|
||||||
|
@ -610,8 +621,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
|
||||||
mod->modfunc[modidx++] = mod_or_data;
|
mod->modfunc[modidx++] = mod_or_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tb[CGW_MOD_XOR] &&
|
if (tb[CGW_MOD_XOR]) {
|
||||||
nla_len(tb[CGW_MOD_XOR]) == CGW_MODATTR_LEN) {
|
|
||||||
nla_memcpy(&mb, tb[CGW_MOD_XOR], CGW_MODATTR_LEN);
|
nla_memcpy(&mb, tb[CGW_MOD_XOR], CGW_MODATTR_LEN);
|
||||||
|
|
||||||
canframecpy(&mod->modframe.xor, &mb.cf);
|
canframecpy(&mod->modframe.xor, &mb.cf);
|
||||||
|
@ -627,8 +637,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
|
||||||
mod->modfunc[modidx++] = mod_xor_data;
|
mod->modfunc[modidx++] = mod_xor_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tb[CGW_MOD_SET] &&
|
if (tb[CGW_MOD_SET]) {
|
||||||
nla_len(tb[CGW_MOD_SET]) == CGW_MODATTR_LEN) {
|
|
||||||
nla_memcpy(&mb, tb[CGW_MOD_SET], CGW_MODATTR_LEN);
|
nla_memcpy(&mb, tb[CGW_MOD_SET], CGW_MODATTR_LEN);
|
||||||
|
|
||||||
canframecpy(&mod->modframe.set, &mb.cf);
|
canframecpy(&mod->modframe.set, &mb.cf);
|
||||||
|
@ -647,9 +656,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
|
||||||
/* check for checksum operations after CAN frame modifications */
|
/* check for checksum operations after CAN frame modifications */
|
||||||
if (modidx) {
|
if (modidx) {
|
||||||
|
|
||||||
if (tb[CGW_CS_CRC8] &&
|
if (tb[CGW_CS_CRC8]) {
|
||||||
nla_len(tb[CGW_CS_CRC8]) == CGW_CS_CRC8_LEN) {
|
|
||||||
|
|
||||||
struct cgw_csum_crc8 *c = (struct cgw_csum_crc8 *)\
|
struct cgw_csum_crc8 *c = (struct cgw_csum_crc8 *)\
|
||||||
nla_data(tb[CGW_CS_CRC8]);
|
nla_data(tb[CGW_CS_CRC8]);
|
||||||
|
|
||||||
|
@ -674,9 +681,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
|
||||||
mod->csumfunc.crc8 = cgw_csum_crc8_neg;
|
mod->csumfunc.crc8 = cgw_csum_crc8_neg;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tb[CGW_CS_XOR] &&
|
if (tb[CGW_CS_XOR]) {
|
||||||
nla_len(tb[CGW_CS_XOR]) == CGW_CS_XOR_LEN) {
|
|
||||||
|
|
||||||
struct cgw_csum_xor *c = (struct cgw_csum_xor *)\
|
struct cgw_csum_xor *c = (struct cgw_csum_xor *)\
|
||||||
nla_data(tb[CGW_CS_XOR]);
|
nla_data(tb[CGW_CS_XOR]);
|
||||||
|
|
||||||
|
@ -710,8 +715,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
|
||||||
memset(ccgw, 0, sizeof(*ccgw));
|
memset(ccgw, 0, sizeof(*ccgw));
|
||||||
|
|
||||||
/* check for can_filter in attributes */
|
/* check for can_filter in attributes */
|
||||||
if (tb[CGW_FILTER] &&
|
if (tb[CGW_FILTER])
|
||||||
nla_len(tb[CGW_FILTER]) == sizeof(struct can_filter))
|
|
||||||
nla_memcpy(&ccgw->filter, tb[CGW_FILTER],
|
nla_memcpy(&ccgw->filter, tb[CGW_FILTER],
|
||||||
sizeof(struct can_filter));
|
sizeof(struct can_filter));
|
||||||
|
|
||||||
|
@ -721,13 +725,8 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
|
||||||
if (!tb[CGW_SRC_IF] || !tb[CGW_DST_IF])
|
if (!tb[CGW_SRC_IF] || !tb[CGW_DST_IF])
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
if (nla_len(tb[CGW_SRC_IF]) == sizeof(u32))
|
ccgw->src_idx = nla_get_u32(tb[CGW_SRC_IF]);
|
||||||
nla_memcpy(&ccgw->src_idx, tb[CGW_SRC_IF],
|
ccgw->dst_idx = nla_get_u32(tb[CGW_DST_IF]);
|
||||||
sizeof(u32));
|
|
||||||
|
|
||||||
if (nla_len(tb[CGW_DST_IF]) == sizeof(u32))
|
|
||||||
nla_memcpy(&ccgw->dst_idx, tb[CGW_DST_IF],
|
|
||||||
sizeof(u32));
|
|
||||||
|
|
||||||
/* both indices set to 0 for flushing all routing entries */
|
/* both indices set to 0 for flushing all routing entries */
|
||||||
if (!ccgw->src_idx && !ccgw->dst_idx)
|
if (!ccgw->src_idx && !ccgw->dst_idx)
|
||||||
|
|
Loading…
Reference in New Issue