diff options
author | Patrick McHardy <kaber@trash.net> | 2010-02-10 14:17:10 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-02-10 14:17:10 +0100 |
commit | 9ab99d5a43e9f283738fd9fd365539306d13eaac (patch) | |
tree | 0214a63e3f4f7f4f187f0139e4a5d8abe453902b /net/netfilter/ipvs/ip_vs_ctl.c | |
parent | 76780373190d7e8ddfb6fed06aef068e2445c743 (diff) | |
parent | b1109bf085c8dd69537b7876ea83f914dd1fe46a (diff) | |
download | kernel_samsung_smdk4412-9ab99d5a43e9f283738fd9fd365539306d13eaac.zip kernel_samsung_smdk4412-9ab99d5a43e9f283738fd9fd365539306d13eaac.tar.gz kernel_samsung_smdk4412-9ab99d5a43e9f283738fd9fd365539306d13eaac.tar.bz2 |
Merge branch 'master' of /repos/git/net-next-2.6
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/ipvs/ip_vs_ctl.c')
-rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 93420ea..00d0b15 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -2077,6 +2077,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) if (!capable(CAP_NET_ADMIN)) return -EPERM; + if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX) + return -EINVAL; + if (len < 0 || len > MAX_ARG_LEN) + return -EINVAL; if (len != set_arglen[SET_CMDID(cmd)]) { pr_err("set_ctl: len %u != %u\n", len, set_arglen[SET_CMDID(cmd)]); @@ -2352,17 +2356,25 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) { unsigned char arg[128]; int ret = 0; + unsigned int copylen; if (!capable(CAP_NET_ADMIN)) return -EPERM; + if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX) + return -EINVAL; + if (*len < get_arglen[GET_CMDID(cmd)]) { pr_err("get_ctl: len %u < %u\n", *len, get_arglen[GET_CMDID(cmd)]); return -EINVAL; } - if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0) + copylen = get_arglen[GET_CMDID(cmd)]; + if (copylen > 128) + return -EINVAL; + + if (copy_from_user(arg, user, copylen) != 0) return -EFAULT; if (mutex_lock_interruptible(&__ip_vs_mutex)) |