2005-12-06 10:11:03

by Kris Katterjohn

Subject: [PATCH] Socket filter instruction limit validation

This patch checks to make sure that the number of instructions doesn't surpass
BPF_MAXINSNS in sk_chk_filter().

Signed-off-by: Kris Katterjohn <[email protected]>

---

This is a diff from 2.6.15-rc5. And I am not subscribed, so please CC me on any
replies.

The previous check in sk_chk_filter() doesn't seem very logical to me because it
should either be limited to BPF_MAXINSNS or only limited by the max value of an
`int' (not really limited). sk_attach_filter() and get_filter() in
drivers/net/ppp_generic.c limit it to BPF_MAXINSNS, but get_filter() in
drivers/isdn/i4l/isdn_ppp.c and anything else that will use it only get this
seemingly "random" limit.

This way it is checked for in only one place, and has a single constant limit.

Thanks!

--- x/net/core/filter.c 2005-12-06 04:01:50.000000000 -0600
+++ y/net/core/filter.c 2005-12-06 04:04:23.000000000 -0600
@@ -293,7 +293,8 @@ int sk_chk_filter(struct sock_filter *fi
struct sock_filter *ftest;
int pc;

- if (((unsigned int)flen >= (~0U / sizeof(struct sock_filter))) || flen == 0)
+ /* check for valid number of instructions -Kris Katterjohn 2005-12-06 */
+ if (flen == 0 || flen > BPF_MAXINSNS)
return -EINVAL;

/* check the filter code now */
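Review bot: the new condition `if (flen == 0 || flen > BPF_MAXINSNS)` is a signed comparison, so if flen is a signed int (the `(unsigned int)flen` cast in the removed line suggests it is), a negative flen now passes both tests, whereas the old unsigned compare rejected it; write the test as `flen <= 0 || flen > BPF_MAXINSNS`, or compare `(unsigned int)flen > BPF_MAXINSNS`, so the bound holds for every caller. Secondary style point: the author name and date in the added comment belong in the changelog, not the source; `/* check for valid number of instructions */` is enough.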
@@ -359,9 +360,9 @@ int sk_attach_filter(struct sock_fprog *
unsigned int fsize = sizeof(struct sock_filter) * fprog->len;
int err;

- /* Make sure new filter is there and in the right amounts. */
- if (fprog->filter == NULL || fprog->len > BPF_MAXINSNS)
- return -EINVAL;
+ /* Make sure new filter is there */
+ if (fprog->filter == NULL)
+ return -EINVAL;

fp = sock_kmalloc(sk, fsize+sizeof(*fp), GFP_KERNEL);
if (!fp)
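Review bot: removing `fprog->len > BPF_MAXINSNS` here leaves `fsize`, computed from `fprog->len` two lines above, unbounded at the point of `sock_kmalloc(sk, fsize+sizeof(*fp), GFP_KERNEL)`, so an oversized program is now allocated for first and rejected only later by sk_chk_filter(); keep a cheap length bound before the allocation (the single-constant limit can still live in sk_chk_filter(), but the allocation path should not depend on it being applied afterwards).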


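As an added illustration (not part of Kris's patch or the kernel's filter.c), the removed check, the patch's check and a hardened variant placed side by side over a set of candidate lengths. It assumes flen is a signed int, as the `(unsigned int)flen` cast in the removed line suggests, uses the 8-byte classic BPF instruction layout for `struct sock_filter`, and takes BPF_MAXINSNS as 4096 from linux/filter.h; the helper names are invented for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic BPF instruction layout (2-byte code, two 1-byte jump offsets,
 * 4-byte operand), 8 bytes with no padding. Defined here so the example
 * builds without kernel headers. */
struct sock_filter {
    uint16_t code;
    uint8_t  jt;
    uint8_t  jf;
    uint32_t k;
};

#define BPF_MAXINSNS 4096   /* value from linux/filter.h */

/* The check the patch removes: rejects 0 and, via the unsigned compare,
 * anything so large that flen * sizeof(struct sock_filter) would wrap.
 * A negative flen becomes a huge unsigned value and is rejected too. */
static int old_check(int flen)
{
    if (((unsigned int)flen >= (~0U / sizeof(struct sock_filter))) || flen == 0)
        return -1;
    return 0;
}

/* The check as written in the patch: a signed compare against BPF_MAXINSNS.
 * With a signed flen, a negative count satisfies neither test and is accepted. */
static int patch_check(int flen)
{
    if (flen == 0 || flen > BPF_MAXINSNS)
        return -1;
    return 0;
}

/* Hardened variant (example code): keep the single constant limit but reject
 * every non-positive count as well, closing the gap above. */
static int hardened_check(int flen)
{
    if (flen <= 0 || flen > BPF_MAXINSNS)
        return -1;
    return 0;
}

/* Count how many of the given lengths a check accepts; used to compare
 * the three policies over one constructed input set. */
static int count_accepted(int (*check)(int), const int *lens, int n)
{
    int accepted = 0;
    for (int i = 0; i < n; i++)
        if (check(lens[i]) == 0)
            accepted++;
    return accepted;
}

int main(void)
{
    /* Constructed sample lengths: boundary values around 0 and BPF_MAXINSNS,
     * a negative count, and a count large enough to wrap the byte size. */
    const int lens[] = { -1, 0, 1, BPF_MAXINSNS, BPF_MAXINSNS + 1,
                         (int)(~0U / sizeof(struct sock_filter)) };
    const int n = (int)(sizeof(lens) / sizeof(lens[0]));

    printf("%12s %6s %6s %9s\n", "flen", "old", "patch", "hardened");
    for (int i = 0; i < n; i++)
        printf("%12d %6s %6s %9s\n", lens[i],
               old_check(lens[i]) == 0 ? "ok" : "EINVAL",
               patch_check(lens[i]) == 0 ? "ok" : "EINVAL",
               hardened_check(lens[i]) == 0 ? "ok" : "EINVAL");
    printf("accepted: old=%d patch=%d hardened=%d\n",
           count_accepted(old_check, lens, n),
           count_accepted(patch_check, lens, n),
           count_accepted(hardened_check, lens, n));
    return 0;
}
```

The table makes the trade-off visible: the old check bounds only the multiplication, so 4097 instructions pass it; the patch's check bounds the instruction count but, if flen is signed, lets a negative count through; the hardened form does both while keeping the one constant limit the patch is after.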

2005-12-06 10:20:45

by David Miller

Subject: Re: [PATCH] Socket filter instruction limit validation

From: "Kris Katterjohn" <[email protected]>
Date: Tue, 6 Dec 2005 02:10:49 -0800

> This patch checks to make sure that the number of instructions doesn't surpass
> BPF_MAXINSNS in sk_chk_filter().
>
> Signed-off-by: Kris Katterjohn <[email protected]>

How about posting networking patches to [email protected] for
discussion, and then CC:'ing the networking maintainer (me)?

Thanks.

2005-12-06 10:28:56

by Kris Katterjohn

Subject: Re: [PATCH] Socket filter instruction limit validation

From: David S. Miller
Sent: 12/6/2005 2:20:21 AM

> From: "Kris Katterjohn" <[email protected]>
> Date: Tue, 6 Dec 2005 02:10:49 -0800
>
> > This patch checks to make sure that the number of instructions doesn't surpass
> > BPF_MAXINSNS in sk_chk_filter().
> >
> > Signed-off-by: Kris Katterjohn <[email protected]>
>
> How about posting networking patches to [email protected] for
> discussion, and then CC:'ing the networking maintainer (me)?
>
> Thanks.

Sorry, I'm still new to this kernel development stuff. :) Should I send it there
now, or did you, or is it accepted, or...?

Kris