When enabling a bearer with identify by name, we don't sanity check
its name with higher slot in bearer list. This lead to duplicate
bearer names bypassed the check.
To fix the above issue, we just perform an extra checking with all
existing bearers.
Fixes: cb30a63384bc9 ("tipc: refactor function tipc_enable_bearer()")
Signed-off-by: Hoang Le <hoang.h...@dektech.com.au>
---
net/tipc/bearer.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index d47e0b940ac9..6fae68f0e654 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -256,6 +256,7 @@ static int tipc_enable_bearer(struct net *net, const char
*name,
int bearer_id = 0;
int res = -EINVAL;
char *errstr = "";
+ u32 i;
if (!bearer_name_validate(name, &b_names)) {
errstr = "illegal name";
@@ -313,6 +314,18 @@ static int tipc_enable_bearer(struct net *net, const char
*name,
goto rejected;
}
+ /* Check new bearer from free slot up to MAX_BEARERS */
+ for (i = bearer_id + 1; i <= MAX_BEARERS; ++i) {
+ b = rtnl_dereference(tn->bearer_list[i]);
+ if (!b)
+ continue;
+ if (!strcmp(name, b->name)) {
+ errstr = "already enabled";
+ NL_SET_ERR_MSG(extack, "Already enabled");
+ goto rejected;
+ }
+ }
+
b = kzalloc(sizeof(*b), GFP_ATOMIC);
if (!b)
return -ENOMEM;
--
2.25.1
_______________________________________________
tipc-discussion mailing list
tipc-discussion@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tipc-discussion
