Re: [patch net-next v3 17/17] rocker: add ndo_bridge_setlink/getlink support for learning policy
From: Jiri Pirko <jiri@resnulli.us>
Date: 2014-11-26 11:27:21
Wed, Nov 26, 2014 at 12:07:09PM CET, tgraf@suug.ch wrote:
On 11/25/14 at 11:28am, Jiri Pirko wrote:
@@ -3657,6 +3693,64 @@ skip: return idx; } +static int rocker_port_bridge_setlink(struct net_device *dev, + struct nlmsghdr *nlh) +{ + struct rocker_port *rocker_port = netdev_priv(dev); + struct nlattr *protinfo; + struct nlattr *afspec; + struct nlattr *attr; + u16 mode; + int err; + + protinfo = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), + IFLA_PROTINFO); + afspec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC); + + if (afspec) { + attr = nla_find_nested(afspec, IFLA_BRIDGE_MODE); + if (attr) { + mode = nla_get_u16(attr); + if (mode != BRIDGE_MODE_SWDEV) + return -EINVAL; + } + }

The Netlink message is completely unverified at this point. All rtnl_bridge_setlink() does is verify that msgsize >= ifinfomsg. All of the drivers but br_setlink() need fixing in this regard.
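Review bot: in rocker_port_bridge_setlink(), nla_get_u16(attr) reads IFLA_BRIDGE_MODE directly after nla_find_nested() with no length check, so an attribute with a payload shorter than two bytes is still read as a u16. Reject the request with -EINVAL when nla_len(attr) < sizeof(mode) before the read, or validate IFLA_AF_SPEC and its nested attributes against a policy before walking them. The same concern applies to the protinfo and afspec pointers returned by nlmsg_find_attr(), which are used here without any validation of their own.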
I believe that we should fix this for all drivers in a follow-up patch.