Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
iproute2: backport some fixes for buffer overflow
complex classes tended to cause a kernel error on the default iproute 4.0 iproute release.
- Loading branch information
Dave Taht
committed
Apr 30, 2015
1 parent
71b59b0
commit 3ab9dcd
Showing
2 changed files
with
96 additions
and
0 deletions.
There are no files selected for viewing
61 changes: 61 additions & 0 deletions
61
net/iproute2/patches/800-tc-util-Fix-possible-buffer-overflow-when-print-clas.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
From 46679bbbe89699016d31486de7599590d02a5054 Mon Sep 17 00:00:00 2001 | ||
From: Vadim Kochan <vadim4j@gmail.com> | ||
Date: Mon, 20 Apr 2015 08:33:32 +0300 | ||
Subject: [PATCH 32/38] tc util: Fix possible buffer overflow when print class | ||
id | ||
|
||
Use correct handle buffer length. | ||
|
||
Signed-off-by: Vadim Kochan <vadim4j@gmail.com> | ||
--- | ||
tc/tc_util.c | 19 ++++++++++--------- | ||
1 file changed, 10 insertions(+), 9 deletions(-) | ||
|
||
diff --git a/tc/tc_util.c b/tc/tc_util.c | ||
index 1d3153d..dc2b70f 100644 | ||
--- a/tc/tc_util.c | ||
+++ b/tc/tc_util.c | ||
@@ -128,30 +128,31 @@ ok: | ||
return 0; | ||
} | ||
|
||
-int print_tc_classid(char *buf, int len, __u32 h) | ||
+int print_tc_classid(char *buf, int blen, __u32 h) | ||
{ | ||
- char handle[40] = {}; | ||
+ SPRINT_BUF(handle) = {}; | ||
+ int hlen = SPRINT_BSIZE - 1; | ||
|
||
if (h == TC_H_ROOT) | ||
sprintf(handle, "root"); | ||
else if (h == TC_H_UNSPEC) | ||
- snprintf(handle, len, "none"); | ||
+ snprintf(handle, hlen, "none"); | ||
else if (TC_H_MAJ(h) == 0) | ||
- snprintf(handle, len, ":%x", TC_H_MIN(h)); | ||
+ snprintf(handle, hlen, ":%x", TC_H_MIN(h)); | ||
else if (TC_H_MIN(h) == 0) | ||
- snprintf(handle, len, "%x:", TC_H_MAJ(h) >> 16); | ||
+ snprintf(handle, hlen, "%x:", TC_H_MAJ(h) >> 16); | ||
else | ||
- snprintf(handle, len, "%x:%x", TC_H_MAJ(h) >> 16, TC_H_MIN(h)); | ||
+ snprintf(handle, hlen, "%x:%x", TC_H_MAJ(h) >> 16, TC_H_MIN(h)); | ||
|
||
if (use_names) { | ||
char clname[IDNAME_MAX] = {}; | ||
|
||
if (id_to_name(cls_names, h, clname)) | ||
- snprintf(buf, len, "%s#%s", clname, handle); | ||
+ snprintf(buf, blen, "%s#%s", clname, handle); | ||
else | ||
- snprintf(buf, len, "%s", handle); | ||
+ snprintf(buf, blen, "%s", handle); | ||
} else { | ||
- snprintf(buf, len, "%s", handle); | ||
+ snprintf(buf, blen, "%s", handle); | ||
} | ||
|
||
return 0; | ||
-- | ||
1.9.1 | ||
|
35 changes: 35 additions & 0 deletions
35
net/iproute2/patches/801-tc-fix-compilation-warning-on-32bits-arch.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
From afa5158f02024ea9ac71a4bb262670bba17aebcd Mon Sep 17 00:00:00 2001 | ||
From: Nicolas Dichtel <nicolas.dichtel@6wind.com> | ||
Date: Wed, 22 Apr 2015 10:27:05 +0200 | ||
Subject: [PATCH 33/38] tc: fix compilation warning on 32bits arch | ||
MIME-Version: 1.0 | ||
Content-Type: text/plain; charset=UTF-8 | ||
Content-Transfer-Encoding: 8bit | ||
|
||
The warning was: | ||
m_simple.c: In function ‘parse_simple’: | ||
m_simple.c:142:4: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 3 has type ‘size_t’ [-Wformat] | ||
|
||
Useful to be able to compile with -Werror. | ||
|
||
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> | ||
--- | ||
tc/m_simple.c | 2 +- | ||
1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
||
diff --git a/tc/m_simple.c b/tc/m_simple.c | ||
index 866552f..1ad5526 100644 | ||
--- a/tc/m_simple.c | ||
+++ b/tc/m_simple.c | ||
@@ -138,7 +138,7 @@ parse_simple(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, | ||
} | ||
|
||
if (strlen(simpdata) > (SIMP_MAX_DATA - 1)) { | ||
- fprintf(stderr, "simple: Illegal string len %ld <%s> \n", | ||
+ fprintf(stderr, "simple: Illegal string len %zu <%s> \n", | ||
strlen(simpdata), simpdata); | ||
return -1; | ||
} | ||
-- | ||
1.9.1 | ||
|