rocker: Add proper validation of Netlink attributes

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/rocker/rocker.c b/drivers/net/ethernet/rocker/rocker.c
index 61cfdbffdb7a7140b1d951af8b6e7c7af3bae530..30687bf1143f3fdc4de9e61ffed769ef2da3d659 100644 (file)
--- a/drivers/net/ethernet/rocker/rocker.c
+++ b/drivers/net/ethernet/rocker/rocker.c
@@ -3712,6 +3712,9 @@ static int rocker_port_bridge_setlink(struct net_device *dev,
        if (afspec) {
                attr = nla_find_nested(afspec, IFLA_BRIDGE_MODE);
                if (attr) {
+                       if (nla_len(attr) < sizeof(mode))
+                               return -EINVAL;
+
                        mode = nla_get_u16(attr);
                        if (mode != BRIDGE_MODE_SWDEV)
                                return -EINVAL;
@@ -3721,6 +3724,9 @@ static int rocker_port_bridge_setlink(struct net_device *dev,
        if (protinfo) {
                attr = nla_find_nested(protinfo, IFLA_BRPORT_LEARNING);
                if (attr) {
+                       if (nla_len(attr) < sizeof(u8))
+                               return -EINVAL;
+
                        if (nla_get_u8(attr))
                                rocker_port->brport_flags |= BR_LEARNING;
                        else
@@ -3731,6 +3737,9 @@ static int rocker_port_bridge_setlink(struct net_device *dev,
                }
                attr = nla_find_nested(protinfo, IFLA_BRPORT_LEARNING_SYNC);
                if (attr) {
+                       if (nla_len(attr) < sizeof(u8))
+                               return -EINVAL;
+
                        if (nla_get_u8(attr))
                                rocker_port->brport_flags |= BR_LEARNING_SYNC;
                        else