2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-23 04:34:11 +08:00

net/sched: flower: Fix null pointer dereference when run tc vlan command

Zahari issued tc vlan command without setting vlan_ethtype, which will
crash kernel. To avoid this, we must check tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]
is not null before use it.
Also we don't need to dump vlan_ethtype or cvlan_ethtype in this case.

Fixes: d64efd0926 ('net/sched: flower: Add supprt for matching on QinQ vlan headers')
Signed-off-by: Jianbo Liu <jianbol@mellanox.com>
Reported-by: Zahari Doychev <zahari.doychev@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Jianbo Liu 2018-07-09 02:26:20 +00:00 committed by David S. Miller
parent db560d1612
commit 5e9a0fe492

View File

@ -605,6 +605,7 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
&mask->vlan);
if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
if (eth_type_vlan(ethertype)) {
fl_set_key_vlan(tb, ethertype,
@ -620,6 +621,7 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
key->basic.n_proto = ethertype;
mask->basic.n_proto = cpu_to_be16(~0);
}
}
} else {
key->basic.n_proto = ethertype;
mask->basic.n_proto = cpu_to_be16(~0);
@ -1344,6 +1346,7 @@ static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
key->cvlan.vlan_tpid)))
goto nla_put_failure;
if (mask->basic.n_proto) {
if (mask->cvlan.vlan_tpid) {
if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
key->basic.n_proto))
@ -1353,6 +1356,7 @@ static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
key->basic.n_proto))
goto nla_put_failure;
}
}
if ((key->basic.n_proto == htons(ETH_P_IP) ||
key->basic.n_proto == htons(ETH_P_IPV6)) &&