Swconfig needs to make sure that requested vlans/ports actually exist,
else it might read or modify memory not belonging to itself.
This patch adds a quick range check in swconfig's kernel part to
prevent accidental or intentional memory modification.
Signed-off-by: Jonas Gorski jonas.gorski+open...@gmail.com
---
.../generic-2.6/files/drivers/net/phy/swconfig.c |4
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/target/linux/generic-2.6/files/drivers/net/phy/swconfig.c
b/target/linux/generic-2.6/files/drivers/net/phy/swconfig.c
index 21a6a7b..376dec1 100644
--- a/target/linux/generic-2.6/files/drivers/net/phy/swconfig.c
+++ b/target/linux/generic-2.6/files/drivers/net/phy/swconfig.c
@@ -463,6 +463,8 @@ swconfig_lookup_attr(struct switch_dev *dev, struct
genl_info *info,
if (!info-attrs[SWITCH_ATTR_OP_VLAN])
goto done;
val-port_vlan = nla_get_u32(info-attrs[SWITCH_ATTR_OP_VLAN]);
+ if (val-port_vlan = dev-vlans)
+ goto done;
break;
case SWITCH_CMD_SET_PORT:
case SWITCH_CMD_GET_PORT:
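Review bot: The new bound check compares `val->port_vlan` with `dev->vlans` only after the netlink value has been stored, and whether it rejects every bad index depends on the field types, which are declared outside this hunk. If either side is a signed int, a u32 attribute with the top bit set could compare as negative and pass; reading into a local first avoids both problems: `u32 vlan = nla_get_u32(info->attrs[SWITCH_ATTR_OP_VLAN]);`, `if (vlan >= dev->vlans) goto done;`, `val->port_vlan = vlan;`. The same applies to the `dev->ports` check in the second hunk. The archive rendering has dropped the `>` characters, so the operators shown as `-` and `=` are read here as `->` and `>=`. swconfig_lookup_attr and the `done` label lie outside the hunk, so the error userspace receives on rejection cannot be confirmed from this page.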
@@ -473,6 +475,8 @@ swconfig_lookup_attr(struct switch_dev *dev, struct
genl_info *info,
if (!info-attrs[SWITCH_ATTR_OP_PORT])
goto done;
val-port_vlan = nla_get_u32(info-attrs[SWITCH_ATTR_OP_PORT]);
+ if (val-port_vlan = dev-ports)
+ goto done;
break;
default:
WARN_ON(1);
--
1.7.0