On Sun, Jan 14, 2018 at 03:50:55PM +0100, Lorenzo Bianconi wrote:
> Add sanity check on l2specific_type provided by userspace in
> l2tp_nl_cmd_session_create() since just L2TP_L2SPECTYPE_DEFAULT and
> L2TP_L2SPECTYPE_NONE are currently supported.
> Moreover do not always initialize l2specific_type if userspace requests
> a given l2-specific sublayer type
> 
I don't understand your last sentence. l2specific_type is always
initialised in your patch (or session creation is aborted).

> Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com>
> ---
>  net/l2tp/l2tp_netlink.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c
> index 48b5bf30ec50..711cf208f23a 100644
> --- a/net/l2tp/l2tp_netlink.c
> +++ b/net/l2tp/l2tp_netlink.c
> @@ -550,9 +550,16 @@ static int l2tp_nl_cmd_session_create(struct sk_buff 
> *skb, struct genl_info *inf
>               if (info->attrs[L2TP_ATTR_DATA_SEQ])
>                       cfg.data_seq = 
> nla_get_u8(info->attrs[L2TP_ATTR_DATA_SEQ]);
>  
> -             cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT;
> -             if (info->attrs[L2TP_ATTR_L2SPEC_TYPE])
> +             if (info->attrs[L2TP_ATTR_L2SPEC_TYPE]) {
>                       cfg.l2specific_type = 
> nla_get_u8(info->attrs[L2TP_ATTR_L2SPEC_TYPE]);
> +                     if (cfg.l2specific_type != L2TP_L2SPECTYPE_DEFAULT &&
> +                         cfg.l2specific_type != L2TP_L2SPECTYPE_NONE) {
> +                             ret = -EINVAL;
> +                             goto out_tunnel;
> +                     }
> +             } else {
> +                     cfg.l2specific_type = L2TP_L2SPECTYPE_DEFAULT;
> +             }
>  
>               cfg.l2specific_len = 4;
>               if (info->attrs[L2TP_ATTR_L2SPEC_LEN])
> -- 
> 2.13.6
> 

Reply via email to