From: Daniel Borkmann <dborkman@redhat.com>
Date: Thu, 22 Jan 2015 09:58:19 +0000 (+0100)
Subject: net: act_bpf: fix size mismatch on filter preparation
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=fd3e646c87ab3f2ba98aa25394581af27cc78dc5;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git

net: act_bpf: fix size mismatch on filter preparation

Similarly as in cls_bpf, also this code needs to reject mismatches.

Reference: http://article.gmane.org/gmane.linux.network/347406
Fixes: d23b8ad8ab23 ("tc: add BPF based action")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/sched/act_bpf.c b/net/sched/act_bpf.c
index 1bd257e473a9..82c5d7fc1988 100644
--- a/net/sched/act_bpf.c
+++ b/net/sched/act_bpf.c
@@ -122,6 +122,9 @@ static int tcf_bpf_init(struct net *net, struct nlattr *nla,
 		return -EINVAL;
 
 	bpf_size = bpf_num_ops * sizeof(*bpf_ops);
+	if (bpf_size != nla_len(tb[TCA_ACT_BPF_OPS]))
+		return -EINVAL;
+
 	bpf_ops = kzalloc(bpf_size, GFP_KERNEL);
 	if (!bpf_ops)
 		return -ENOMEM;