Commit 684de409 authored by David S. Miller's avatar David S. Miller

ipv6: Disallow rediculious flowlabel option sizes.

Just like PKTINFO, limit the options area to 64K.

Based upon report by Eric Sesterhenn and analysis by
Roland Dreier.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a23f4bbd
...@@ -323,17 +323,21 @@ static struct ip6_flowlabel * ...@@ -323,17 +323,21 @@ static struct ip6_flowlabel *
fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval, fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
int optlen, int *err_p) int optlen, int *err_p)
{ {
struct ip6_flowlabel *fl; struct ip6_flowlabel *fl = NULL;
int olen; int olen;
int addr_type; int addr_type;
int err; int err;
olen = optlen - CMSG_ALIGN(sizeof(*freq));
err = -EINVAL;
if (olen > 64 * 1024)
goto done;
err = -ENOMEM; err = -ENOMEM;
fl = kzalloc(sizeof(*fl), GFP_KERNEL); fl = kzalloc(sizeof(*fl), GFP_KERNEL);
if (fl == NULL) if (fl == NULL)
goto done; goto done;
olen = optlen - CMSG_ALIGN(sizeof(*freq));
if (olen > 0) { if (olen > 0) {
struct msghdr msg; struct msghdr msg;
struct flowi flowi; struct flowi flowi;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment