Re: [PATCH net v2] net/sched: act_simple: fix parsing of TCA_DEF_DATA

2018-06-08 Thread David Miller 
From: Davide Caratti 
Date: Fri,  8 Jun 2018 05:02:31 +0200

> use nla_strlcpy() to avoid copying data beyond the length of TCA_DEF_DATA
> netlink attribute, in case it is less than SIMP_MAX_DATA and it does not
> end with '\0' character.
> 
> v2: fix errors in the commit message, thanks Hangbin Liu
> 
> Fixes: fa1b1cff3d06 ("net_cls_act: Make act_simple use of netlink policy.")
> Signed-off-by: Davide Caratti 

Applied and queued up for -stable.

Re: [PATCH net v2] net/sched: act_simple: fix parsing of TCA_DEF_DATA

2018-06-08 Thread Simon Horman 
On Fri, Jun 08, 2018 at 05:02:31AM +0200, Davide Caratti wrote:
> use nla_strlcpy() to avoid copying data beyond the length of TCA_DEF_DATA
> netlink attribute, in case it is less than SIMP_MAX_DATA and it does not
> end with '\0' character.
> 
> v2: fix errors in the commit message, thanks Hangbin Liu
> 
> Fixes: fa1b1cff3d06 ("net_cls_act: Make act_simple use of netlink policy.")
> Signed-off-by: Davide Caratti 

Reviewed-by: Simon Horman

[PATCH net v2] net/sched: act_simple: fix parsing of TCA_DEF_DATA

2018-06-07 Thread Davide Caratti 
use nla_strlcpy() to avoid copying data beyond the length of TCA_DEF_DATA
netlink attribute, in case it is less than SIMP_MAX_DATA and it does not
end with '\0' character.

v2: fix errors in the commit message, thanks Hangbin Liu

Fixes: fa1b1cff3d06 ("net_cls_act: Make act_simple use of netlink policy.")
Signed-off-by: Davide Caratti 
---
 net/sched/act_simple.c | 15 ++-
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/net/sched/act_simple.c b/net/sched/act_simple.c
index 9618b4a83cee..98c4afe7c15b 100644
--- a/net/sched/act_simple.c
+++ b/net/sched/act_simple.c
@@ -53,22 +53,22 @@ static void tcf_simp_release(struct tc_action *a)
kfree(d->tcfd_defdata);
 }
 
-static int alloc_defdata(struct tcf_defact *d, char *defdata)
+static int alloc_defdata(struct tcf_defact *d, const struct nlattr *defdata)
 {
d->tcfd_defdata = kzalloc(SIMP_MAX_DATA, GFP_KERNEL);
if (unlikely(!d->tcfd_defdata))
return -ENOMEM;
-   strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
+   nla_strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
return 0;
 }
 
-static void reset_policy(struct tcf_defact *d, char *defdata,
+static void reset_policy(struct tcf_defact *d, const struct nlattr *defdata,
 struct tc_defact *p)
 {
spin_lock_bh(>tcf_lock);
d->tcf_action = p->action;
memset(d->tcfd_defdata, 0, SIMP_MAX_DATA);
-   strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
+   nla_strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
spin_unlock_bh(>tcf_lock);
 }
 
@@ -87,7 +87,6 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla,
struct tcf_defact *d;
bool exists = false;
int ret = 0, err;
-   char *defdata;
 
if (nla == NULL)
return -EINVAL;
@@ -110,8 +109,6 @@ static int tcf_simp_init(struct net *net, struct nlattr 
*nla,
return -EINVAL;
}
 
-   defdata = nla_data(tb[TCA_DEF_DATA]);
-
if (!exists) {
ret = tcf_idr_create(tn, parm->index, est, a,
 _simp_ops, bind, false);
@@ -119,7 +116,7 @@ static int tcf_simp_init(struct net *net, struct nlattr 
*nla,
return ret;
 
d = to_defact(*a);
-   ret = alloc_defdata(d, defdata);
+   ret = alloc_defdata(d, tb[TCA_DEF_DATA]);
if (ret < 0) {
tcf_idr_release(*a, bind);
return ret;
@@ -133,7 +130,7 @@ static int tcf_simp_init(struct net *net, struct nlattr 
*nla,
if (!ovr)
return -EEXIST;
 
-   reset_policy(d, defdata, parm);
+   reset_policy(d, tb[TCA_DEF_DATA], parm);
}
 
if (ret == ACT_P_CREATED)
-- 
2.17.0