From 24fb009bae18f2ef712800ee9b2f52c177d9d3f9 Mon Sep 17 00:00:00 2001 From: Marek Lindner Date: Tue, 19 Oct 2010 11:59:13 +0200 Subject: [PATCH] Staging: batman-adv: protect against ogm packet overflow by checking table length Reported-by: Sam Yeung Signed-off-by: Marek Lindner Signed-off-by: Sven Eckelmann Signed-off-by: Greg Kroah-Hartman --- drivers/staging/batman-adv/translation-table.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/staging/batman-adv/translation-table.c b/drivers/staging/batman-adv/translation-table.c index 12b23259c385..681ccbda3eac 100644 --- a/drivers/staging/batman-adv/translation-table.c +++ b/drivers/staging/batman-adv/translation-table.c @@ -59,6 +59,7 @@ void hna_local_add(struct net_device *soft_iface, uint8_t *addr) struct hna_global_entry *hna_global_entry; struct hashtable_t *swaphash; unsigned long flags; + int required_bytes; spin_lock_irqsave(&bat_priv->hna_lhash_lock, flags); hna_local_entry = @@ -74,8 +75,12 @@ void hna_local_add(struct net_device *soft_iface, uint8_t *addr) /* only announce as many hosts as possible in the batman-packet and space in batman_packet->num_hna That also should give a limit to MAC-flooding. */ - if ((bat_priv->num_local_hna + 1 > (ETH_DATA_LEN - BAT_PACKET_LEN) - / ETH_ALEN) || + required_bytes = (bat_priv->num_local_hna + 1) * ETH_ALEN; + required_bytes += BAT_PACKET_LEN; + + if ((required_bytes > ETH_DATA_LEN) || + (atomic_read(&bat_priv->aggregation_enabled) && + required_bytes > MAX_AGGREGATION_BYTES) || (bat_priv->num_local_hna + 1 > 255)) { bat_dbg(DBG_ROUTES, bat_priv, "Can't add new local hna entry (%pM): " -- 2.20.1