projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: df94536)
nl802154: stricter input checking for boolean inputs
authorStefan Schmidt <stefan@osg.samsung.com>
Thu, 20 Aug 2015 10:09:47 +0000 (12:09 +0200)
committerMarcel Holtmann <marcel@holtmann.org>
Fri, 28 Aug 2015 19:00:37 +0000 (21:00 +0200)
So far we handled boolean input by forcing them with !! and assigning
them into a bool. This allowed userspace to send values > 1 which were
used as 1. We should be stricter here and return -EINVAL for all but
0 or 1.

Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
net/ieee802154/nl802154.c patch | blob | blame | history

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 1b00a14850cb5f097b557079225c55c1abadab40..3f89c0abdab170485a4bc83867c0f9609fe69c64 100644 (file)
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1034,7 +1034,7 @@ static int nl802154_set_lbt_mode(struct sk_buff *skb, struct genl_info *info)
        struct cfg802154_registered_device *rdev = info->user_ptr[0];
        struct net_device *dev = info->user_ptr[1];
        struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
-       bool mode;
+       int mode;
 
        if (netif_running(dev))
                return -EBUSY;
@@ -1042,7 +1042,11 @@ static int nl802154_set_lbt_mode(struct sk_buff *skb, struct genl_info *info)
        if (!info->attrs[NL802154_ATTR_LBT_MODE])
                return -EINVAL;
 
-       mode = !!nla_get_u8(info->attrs[NL802154_ATTR_LBT_MODE]);
+       mode = nla_get_u8(info->attrs[NL802154_ATTR_LBT_MODE]);
+
+       if (mode != 0 && mode != 1)
+               return -EINVAL;
+
        if (!wpan_phy_supported_bool(mode, rdev->wpan_phy.supported.lbt))
                return -EINVAL;
 
@@ -1055,7 +1059,7 @@ nl802154_set_ackreq_default(struct sk_buff *skb, struct genl_info *info)
        struct cfg802154_registered_device *rdev = info->user_ptr[0];
        struct net_device *dev = info->user_ptr[1];
        struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
-       bool ackreq;
+       int ackreq;
 
        if (netif_running(dev))
                return -EBUSY;
@@ -1063,7 +1067,11 @@ nl802154_set_ackreq_default(struct sk_buff *skb, struct genl_info *info)
        if (!info->attrs[NL802154_ATTR_ACKREQ_DEFAULT])
                return -EINVAL;
 
-       ackreq = !!nla_get_u8(info->attrs[NL802154_ATTR_ACKREQ_DEFAULT]);
+       ackreq = nla_get_u8(info->attrs[NL802154_ATTR_ACKREQ_DEFAULT]);
+
+       if (ackreq != 0 && ackreq != 1)
+               return -EINVAL;
+
        return rdev_set_ackreq_default(rdev, wpan_dev, ackreq);
 }