From be550df10993c89e9367a860d5060c632ed9afbf Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Mon, 23 Oct 2017 10:54:10 +0200 Subject: [PATCH 07/76] route/vlan: add capability to indicate heap overflow fix in rtnl_link_vlan_set_egress_map() Without this fix/capablity, adding more then 4 mappings in rtnl_link_vlan_set_egress_map() overflows the heap. --- include/netlink/utils.h | 8 ++++++++ lib/utils.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/include/netlink/utils.h b/include/netlink/utils.h index 10e76ce..dc22c9d 100644 --- a/include/netlink/utils.h +++ b/include/netlink/utils.h @@ -286,6 +286,14 @@ enum { NL_CAPABILITY_VERSION_3_4_0 = 28, #define NL_CAPABILITY_VERSION_3_4_0 NL_CAPABILITY_VERSION_3_4_0 + /** + * Fixed memory corruption in rtnl_link_vlan_set_egress_map(). Previously, if you tried + * to add more then 4 mappings, a buffer overflow occured. Also fixed nl_object_clone() + * for VLAN links. + */ + NL_CAPABILITY_ROUTE_FIX_VLAN_SET_EGRESS_MAP = 29, +#define NL_CAPABILITY_ROUTE_FIX_VLAN_SET_EGRESS_MAP NL_CAPABILITY_ROUTE_FIX_VLAN_SET_EGRESS_MAP + __NL_CAPABILITY_MAX, NL_CAPABILITY_MAX = (__NL_CAPABILITY_MAX - 1), #define NL_CAPABILITY_MAX NL_CAPABILITY_MAX diff --git a/lib/utils.c b/lib/utils.c index 544feda..eefe802 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -1221,7 +1221,7 @@ int nl_has_capability (int capability) NL_CAPABILITY_XFRM_SP_SEC_CTX_LEN, NL_CAPABILITY_VERSION_3_3_0, NL_CAPABILITY_VERSION_3_4_0, - 0, + NL_CAPABILITY_ROUTE_FIX_VLAN_SET_EGRESS_MAP, 0, 0, 0), -- 1.8.3.1