summaryrefslogtreecommitdiff
path: root/target/linux
diff options
context:
space:
mode:
authorflorian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>2010-04-11 20:51:37 +0000
committerflorian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>2010-04-11 20:51:37 +0000
commitb02fa11a17a01d456ef0b71fb9d3725a6e0ed264 (patch)
tree74b461f817e9248275cdec31f429a8126239c33c /target/linux
parent5788420c902c3adc3ff1df3e4b854de6cf38f21e (diff)
[kernel] swconfig: Check vlan/port indexes for validity.
Swconfig needs to make sure that requested vlans/ports actually exist, else it might read or modify memory not belonging to itself. This patch adds a quick range check in swconfig's kernel part to prevent accidential or intentional memory modification. Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20811 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/linux')
-rw-r--r--target/linux/generic-2.6/files/drivers/net/phy/swconfig.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/target/linux/generic-2.6/files/drivers/net/phy/swconfig.c b/target/linux/generic-2.6/files/drivers/net/phy/swconfig.c
index 7207e46592..bb49df83eb 100644
--- a/target/linux/generic-2.6/files/drivers/net/phy/swconfig.c
+++ b/target/linux/generic-2.6/files/drivers/net/phy/swconfig.c
@@ -463,6 +463,8 @@ swconfig_lookup_attr(struct switch_dev *dev, struct genl_info *info,
if (!info->attrs[SWITCH_ATTR_OP_VLAN])
goto done;
val->port_vlan = nla_get_u32(info->attrs[SWITCH_ATTR_OP_VLAN]);
+ if (val->port_vlan >= dev->vlans)
+ goto done;
break;
case SWITCH_CMD_SET_PORT:
case SWITCH_CMD_GET_PORT:
@@ -473,6 +475,8 @@ swconfig_lookup_attr(struct switch_dev *dev, struct genl_info *info,
if (!info->attrs[SWITCH_ATTR_OP_PORT])
goto done;
val->port_vlan = nla_get_u32(info->attrs[SWITCH_ATTR_OP_PORT]);
+ if (val->port_vlan >= dev->ports)
+ goto done;
break;
default:
WARN_ON(1);