[openib-general] Re: [PATCH] af_packet: Allow for > 8 byte hardware addresses.
Eric W. Biederman
ebiederm at xmission.com
Mon Sep 12 15:13:23 PDT 2005
"David S. Miller" <davem at davemloft.net> writes:
> From: ebiederm at xmission.com (Eric W. Biederman)
> Date: Sat, 10 Sep 2005 11:25:27 -0600
>
>> @@ -1315,11 +1340,16 @@ packet_setsockopt(struct socket *sock, i
>> case PACKET_ADD_MEMBERSHIP:
>> case PACKET_DROP_MEMBERSHIP:
>> {
>> - struct packet_mreq mreq;
>> - if (optlen<sizeof(mreq))
>> + struct packet_mreq_max mreq;
>> + int len = optlen;
>> + if (len < sizeof(struct packet_mreq))
>> return -EINVAL;
>> - if (copy_from_user(&mreq,optval,sizeof(mreq)))
>> + if (len > sizeof(mreq))
>> + len = sizeof(mreq);
>> + if (copy_from_user(&mreq,optval,len))
>> return -EFAULT;
>
> I would suggest memset()'ing out any packet_mreq_max structure,
> before copying a smaller amount of data into it, just to be
> safe. Please check this out in all such possible uses in
> the patch.
>
> Thanks.
Ok. For that specific case you have quoted the only instance.
In a practical sense it doesn't matter because halen determines
how many of the bytes we actually look at. But if something
is buggy I can see the memset causing the bug to act in a
more deterministic fashion.
Updated patch will follow in a bit.
Eric
More information about the general
mailing list