From be550df10993c89e9367a860d5060c632ed9afbf Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 23 Oct 2017 10:54:10 +0200
Subject: [PATCH 07/76] route/vlan: add capability to indicate heap overflow
fix in rtnl_link_vlan_set_egress_map()
Without this fix/capability, adding more than 4 mappings in
rtnl_link_vlan_set_egress_map() overflows the heap.
---
include/netlink/utils.h | 8 ++++++++
lib/utils.c | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/include/netlink/utils.h b/include/netlink/utils.h
index 10e76ce..dc22c9d 100644
--- a/include/netlink/utils.h
+++ b/include/netlink/utils.h
@@ -286,6 +286,14 @@ enum {
NL_CAPABILITY_VERSION_3_4_0 = 28,
#define NL_CAPABILITY_VERSION_3_4_0 NL_CAPABILITY_VERSION_3_4_0
+ /**
+ * Fixed memory corruption in rtnl_link_vlan_set_egress_map(). Previously, if you tried
+ * to add more then 4 mappings, a buffer overflow occured. Also fixed nl_object_clone()
+ * for VLAN links.
+ */
+ NL_CAPABILITY_ROUTE_FIX_VLAN_SET_EGRESS_MAP = 29,
+#define NL_CAPABILITY_ROUTE_FIX_VLAN_SET_EGRESS_MAP NL_CAPABILITY_ROUTE_FIX_VLAN_SET_EGRESS_MAP
+
__NL_CAPABILITY_MAX,
NL_CAPABILITY_MAX = (__NL_CAPABILITY_MAX - 1),
#define NL_CAPABILITY_MAX NL_CAPABILITY_MAX
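Review bot: The doc comment added for `NL_CAPABILITY_ROUTE_FIX_VLAN_SET_EGRESS_MAP` records the old overflow but does not say what a caller should do when `nl_has_capability()` reports the capability as absent. Since the flag exists so applications can detect an unfixed library at run time, I would add a line such as `* If this capability is missing, do not add more than 4 egress mappings per link.` The comment also has two typos: "more then" should be "more than" and "occured" should be "occurred". It places two separate fixes (the egress-map overflow and nl_object_clone() for VLAN links) under one flag, which holds only if both always ship together. The enclosing enum begins outside the hunk.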
diff --git a/lib/utils.c b/lib/utils.c
index 544feda..eefe802 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -1221,7 +1221,7 @@ int nl_has_capability (int capability)
NL_CAPABILITY_XFRM_SP_SEC_CTX_LEN,
NL_CAPABILITY_VERSION_3_3_0,
NL_CAPABILITY_VERSION_3_4_0,
- 0,
+ NL_CAPABILITY_ROUTE_FIX_VLAN_SET_EGRESS_MAP,
0,
0,
0),
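Review bot: Nothing in this commit changes rtnl_link_vlan_set_egress_map() itself (the diffstat lists only include/netlink/utils.h and lib/utils.c), so the new table entry is safe only if the bounds fix lands earlier in the same series. A build that carries this entry without the fix would tell callers the overflow is gone while adding more than 4 mappings still corrupts the heap. I would record the dependency next to the entry, for example `/* set only together with the rtnl_link_vlan_set_egress_map() bounds fix */`. The argument list also appears to be positional, so it is worth confirming that this slot corresponds to value 29 from the enum; the start of the list is outside the hunk.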
--
1.8.3.1