can: gw: Use nla_policy to validate netlink attributes

Also use nla_get_u32() instead of nla_memcpy() to access u32 attribtues. Signed-off-by: Thomas Graf <tgraf@suug.ch> Tested-by: Oliver Hartkopp <socketcan@hartkopp.net> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>

can: gw: Use nla_policy to validate netlink attributes
Also use nla_get_u32() instead of nla_memcpy() to access u32 attribtues. Signed-off-by: Thomas Graf <tgraf@suug.ch> Tested-by: Oliver Hartkopp <socketcan@hartkopp.net> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
732d35fd · Thomas Graf · Marc Kleine-Budde · 6eaf53ca · 732d35fd
Commit 732d35fd authored Jul 05, 2012 by Thomas Graf Committed by Marc Kleine-Budde Jul 10, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 24 deletions

net/can/gw.c net/can/gw.c +23 -24

No files found.
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -558,6 +558,18 @@ static int cgw_dump_jobs(struct sk_buff *skb, struct netlink_callback *cb)
 	return skb->len;
 }
+static const struct nla_policy cgw_policy[CGW_MAX+1] = {
+	[CGW_MOD_AND]	= { .len = sizeof(struct cgw_frame_mod) },
+	[CGW_MOD_OR]	= { .len = sizeof(struct cgw_frame_mod) },
+	[CGW_MOD_XOR]	= { .len = sizeof(struct cgw_frame_mod) },
+	[CGW_MOD_SET]	= { .len = sizeof(struct cgw_frame_mod) },
+	[CGW_CS_XOR]	= { .len = sizeof(struct cgw_csum_xor) },
+	[CGW_CS_CRC8]	= { .len = sizeof(struct cgw_csum_crc8) },
+	[CGW_SRC_IF]	= { .type = NLA_U32 },
+	[CGW_DST_IF]	= { .type = NLA_U32 },
+	[CGW_FILTER]	= { .len = sizeof(struct can_filter) },
+};
 /* check for common and gwtype specific attributes */
 static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
 			  u8 gwtype, void *gwtypeattr)
@@ -570,14 +582,14 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
 	/* initialize modification & checksum data space */
 	memset(mod, 0, sizeof(*mod));
-	err = nlmsg_parse(nlh, sizeof(struct rtcanmsg), tb, CGW_MAX, NULL);
+	err = nlmsg_parse(nlh, sizeof(struct rtcanmsg), tb, CGW_MAX,
+			  cgw_policy);
 	if (err < 0)
 		return err;
 	/* check for AND/OR/XOR/SET modifications */
-	if (tb[CGW_MOD_AND] &&
+	if (tb[CGW_MOD_AND]) {
-	    nla_len(tb[CGW_MOD_AND]) == CGW_MODATTR_LEN) {
 		nla_memcpy(&mb, tb[CGW_MOD_AND], CGW_MODATTR_LEN);
 		canframecpy(&mod->modframe.and, &mb.cf);
@@ -593,8 +605,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
 			mod->modfunc[modidx++] = mod_and_data;
 	}
-	if (tb[CGW_MOD_OR] &&
+	if (tb[CGW_MOD_OR]) {
-	    nla_len(tb[CGW_MOD_OR]) == CGW_MODATTR_LEN) {
 		nla_memcpy(&mb, tb[CGW_MOD_OR], CGW_MODATTR_LEN);
 		canframecpy(&mod->modframe.or, &mb.cf);
@@ -610,8 +621,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
 			mod->modfunc[modidx++] = mod_or_data;
 	}
-	if (tb[CGW_MOD_XOR] &&
+	if (tb[CGW_MOD_XOR]) {
-	    nla_len(tb[CGW_MOD_XOR]) == CGW_MODATTR_LEN) {
 		nla_memcpy(&mb, tb[CGW_MOD_XOR], CGW_MODATTR_LEN);
 		canframecpy(&mod->modframe.xor, &mb.cf);
@@ -627,8 +637,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
 			mod->modfunc[modidx++] = mod_xor_data;
 	}
-	if (tb[CGW_MOD_SET] &&
+	if (tb[CGW_MOD_SET]) {
-	    nla_len(tb[CGW_MOD_SET]) == CGW_MODATTR_LEN) {
 		nla_memcpy(&mb, tb[CGW_MOD_SET], CGW_MODATTR_LEN);
 		canframecpy(&mod->modframe.set, &mb.cf);
@@ -647,9 +656,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
 	/* check for checksum operations after CAN frame modifications */
 	if (modidx) {
-		if (tb[CGW_CS_CRC8] &&
+		if (tb[CGW_CS_CRC8]) {
-		    nla_len(tb[CGW_CS_CRC8]) == CGW_CS_CRC8_LEN) {
 			struct cgw_csum_crc8 *c = (struct cgw_csum_crc8 *)\
 				nla_data(tb[CGW_CS_CRC8]);
@@ -674,9 +681,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
 				mod->csumfunc.crc8 = cgw_csum_crc8_neg;
 		}
-		if (tb[CGW_CS_XOR] &&
+		if (tb[CGW_CS_XOR]) {
-		    nla_len(tb[CGW_CS_XOR]) == CGW_CS_XOR_LEN) {
 			struct cgw_csum_xor *c = (struct cgw_csum_xor *)\
 				nla_data(tb[CGW_CS_XOR]);
@@ -710,8 +715,7 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
 		memset(ccgw, 0, sizeof(*ccgw));
 		/* check for can_filter in attributes */
-		if (tb[CGW_FILTER] &&
+		if (tb[CGW_FILTER])
-		    nla_len(tb[CGW_FILTER]) == sizeof(struct can_filter))
 			nla_memcpy(&ccgw->filter, tb[CGW_FILTER],
 				   sizeof(struct can_filter));
@@ -721,13 +725,8 @@ static int cgw_parse_attr(struct nlmsghdr *nlh, struct cf_mod *mod,
 		if (!tb[CGW_SRC_IF] || !tb[CGW_DST_IF])
 			return err;
-		if (nla_len(tb[CGW_SRC_IF]) == sizeof(u32))
+		ccgw->src_idx = nla_get_u32(tb[CGW_SRC_IF]);
-			nla_memcpy(&ccgw->src_idx, tb[CGW_SRC_IF],
+		ccgw->dst_idx = nla_get_u32(tb[CGW_DST_IF]);
-				   sizeof(u32));
-		if (nla_len(tb[CGW_DST_IF]) == sizeof(u32))
-			nla_memcpy(&ccgw->dst_idx, tb[CGW_DST_IF],
-				   sizeof(u32));
 		/* both indices set to 0 for flushing all routing entries */
 		if (!ccgw->src_idx && !ccgw->dst_idx)