From: David S. Miller Date: Tue, 27 Dec 2005 21:57:59 +0000 (-0800) Subject: [NET]: Validate socket filters against BPF_MAXINSNS in one spot. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1b93ae64cabe5e28dd5a1f35f96f938ca4f6ae20;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git [NET]: Validate socket filters against BPF_MAXINSNS in one spot. Currently the checks are scattered all over and this leads to inconsistencies and even cases where the check is not made. Based upon a patch from Kris Katterjohn. Signed-off-by: David S. Miller --- diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c index 50430f79f8cf..1c6d328165bb 100644 --- a/drivers/net/ppp_generic.c +++ b/drivers/net/ppp_generic.c @@ -524,9 +524,6 @@ static int get_filter(void __user *arg, struct sock_filter **p) if (copy_from_user(&uprog, arg, sizeof(uprog))) return -EFAULT; - if (uprog.len > BPF_MAXINSNS) - return -EINVAL; - if (!uprog.len) { *p = NULL; return 0; diff --git a/net/core/filter.c b/net/core/filter.c index 2841bfce29d6..3a10e0bc90e8 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -293,7 +293,7 @@ int sk_chk_filter(struct sock_filter *filter, int flen) struct sock_filter *ftest; int pc; - if (((unsigned int)flen >= (~0U / sizeof(struct sock_filter))) || flen == 0) + if (flen == 0 || flen > BPF_MAXINSNS) return -EINVAL; /* check the filter code now */ @@ -360,7 +360,7 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) int err; /* Make sure new filter is there and in the right amounts. */ - if (fprog->filter == NULL || fprog->len > BPF_MAXINSNS) + if (fprog->filter == NULL) return -EINVAL; fp = sock_kmalloc(sk, fsize+sizeof(*fp), GFP_KERNEL);