Commit cc25eaae authored by Christoph Schulz's avatar Christoph Schulz Committed by David S. Miller

net: ppp: fix creating PPP pass and active filters

Commit 568f194e ("net: ppp: use
sk_unattached_filter api") inadvertently changed the logic when setting
PPP pass and active filters. This applies to both the generic PPP subsystem
implemented by drivers/net/ppp/ppp_generic.c and the ISDN PPP subsystem
implemented by drivers/isdn/i4l/isdn_ppp.c. The original code in ppp_ioctl()
(or isdn_ppp_ioctl(), resp.) handling PPPIOCSPASS and PPPIOCSACTIVE allowed to
remove a pass/active filter previously set by using a filter of length zero.
However, with the new code this is not possible anymore as this case is not
explicitly checked for, which leads to passing NULL as a filter to
sk_unattached_filter_create(). This results in returning EINVAL to the caller.

Additionally, the variables ppp->pass_filter and ppp->active_filter (or
is->pass_filter and is->active_filter, resp.) are not reset to NULL, although
the filters they point to may have been destroyed by
sk_unattached_filter_destroy(), so in this EINVAL case dangling pointers are
left behind (provided the pointers were previously non-NULL).

This patch corrects both problems by checking whether the filter passed is
empty or non-empty, and prevents sk_unattached_filter_create() from being
called in the first case. Moreover, the pointers are always reset to NULL
as soon as sk_unattached_filter_destroy() returns.
Signed-off-by: default avatarChristoph Schulz <develop@kristov.de>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 858e6c32
...@@ -638,9 +638,15 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -638,9 +638,15 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
fprog.len = len; fprog.len = len;
fprog.filter = code; fprog.filter = code;
if (is->pass_filter) if (is->pass_filter) {
sk_unattached_filter_destroy(is->pass_filter); sk_unattached_filter_destroy(is->pass_filter);
err = sk_unattached_filter_create(&is->pass_filter, &fprog); is->pass_filter = NULL;
}
if (fprog.filter != NULL)
err = sk_unattached_filter_create(&is->pass_filter,
&fprog);
else
err = 0;
kfree(code); kfree(code);
return err; return err;
...@@ -657,9 +663,15 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) ...@@ -657,9 +663,15 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg)
fprog.len = len; fprog.len = len;
fprog.filter = code; fprog.filter = code;
if (is->active_filter) if (is->active_filter) {
sk_unattached_filter_destroy(is->active_filter); sk_unattached_filter_destroy(is->active_filter);
err = sk_unattached_filter_create(&is->active_filter, &fprog); is->active_filter = NULL;
}
if (fprog.filter != NULL)
err = sk_unattached_filter_create(&is->active_filter,
&fprog);
else
err = 0;
kfree(code); kfree(code);
return err; return err;
......
...@@ -757,10 +757,15 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) ...@@ -757,10 +757,15 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
}; };
ppp_lock(ppp); ppp_lock(ppp);
if (ppp->pass_filter) if (ppp->pass_filter) {
sk_unattached_filter_destroy(ppp->pass_filter); sk_unattached_filter_destroy(ppp->pass_filter);
ppp->pass_filter = NULL;
}
if (fprog.filter != NULL)
err = sk_unattached_filter_create(&ppp->pass_filter, err = sk_unattached_filter_create(&ppp->pass_filter,
&fprog); &fprog);
else
err = 0;
kfree(code); kfree(code);
ppp_unlock(ppp); ppp_unlock(ppp);
} }
...@@ -778,10 +783,15 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) ...@@ -778,10 +783,15 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
}; };
ppp_lock(ppp); ppp_lock(ppp);
if (ppp->active_filter) if (ppp->active_filter) {
sk_unattached_filter_destroy(ppp->active_filter); sk_unattached_filter_destroy(ppp->active_filter);
ppp->active_filter = NULL;
}
if (fprog.filter != NULL)
err = sk_unattached_filter_create(&ppp->active_filter, err = sk_unattached_filter_create(&ppp->active_filter,
&fprog); &fprog);
else
err = 0;
kfree(code); kfree(code);
ppp_unlock(ppp); ppp_unlock(ppp);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment