|
 |
7e752c |
From 03525ec63a5821a30461047da1dc8d907b3e3751 Mon Sep 17 00:00:00 2001
|
|
|
7e752c |
From: Phil Sutter <psutter@redhat.com>
|
|
|
7e752c |
Date: Thu, 18 Oct 2018 12:49:51 +0200
|
|
|
7e752c |
Subject: [PATCH] macsec: fix off-by-one when parsing attributes
|
|
|
7e752c |
|
|
|
7e752c |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1628428
|
|
|
7e752c |
Upstream Status: iproute2.git commit 9b45f8ec13b0d
|
|
|
7e752c |
|
|
|
7e752c |
commit 9b45f8ec13b0d338c70ef0758f751c249be6c7f0
|
|
|
7e752c |
Author: Sabrina Dubroca <sd@queasysnail.net>
|
|
|
7e752c |
Date: Fri Oct 12 17:34:12 2018 +0200
|
|
|
7e752c |
|
|
|
7e752c |
macsec: fix off-by-one when parsing attributes
|
|
|
7e752c |
|
|
|
7e752c |
I seem to have had a massive brainfart with uses of
|
|
|
7e752c |
parse_rtattr_nested(). The rtattr* array must have MAX+1 elements, and
|
|
|
7e752c |
the call to parse_rtattr_nested must have MAX as its bound. Let's fix
|
|
|
7e752c |
those.
|
|
|
7e752c |
|
|
|
7e752c |
Fixes: b26fc590ce62 ("ip: add MACsec support")
|
|
|
7e752c |
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
|
|
|
7e752c |
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
|
|
|
7e752c |
---
|
|
|
7e752c |
ip/ipmacsec.c | 18 +++++++++---------
|
|
|
7e752c |
1 file changed, 9 insertions(+), 9 deletions(-)
|
|
|
7e752c |
|
|
|
7e752c |
diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c
|
|
|
7e752c |
index fa56e0e..007ce54 100644
|
|
|
7e752c |
--- a/ip/ipmacsec.c
|
|
|
7e752c |
+++ b/ip/ipmacsec.c
|
|
|
7e752c |
@@ -727,7 +727,7 @@ static void print_txsc_stats(const char *prefix, struct rtattr *attr)
|
|
|
7e752c |
if (!attr || show_stats == 0)
|
|
|
7e752c |
return;
|
|
|
7e752c |
|
|
|
7e752c |
- parse_rtattr_nested(stats, MACSEC_TXSC_STATS_ATTR_MAX + 1, attr);
|
|
|
7e752c |
+ parse_rtattr_nested(stats, MACSEC_TXSC_STATS_ATTR_MAX, attr);
|
|
|
7e752c |
|
|
|
7e752c |
print_stats(prefix, txsc_stats_names, NUM_MACSEC_TXSC_STATS_ATTR,
|
|
|
7e752c |
stats);
|
|
|
7e752c |
@@ -751,7 +751,7 @@ static void print_secy_stats(const char *prefix, struct rtattr *attr)
|
|
|
7e752c |
if (!attr || show_stats == 0)
|
|
|
7e752c |
return;
|
|
|
7e752c |
|
|
|
7e752c |
- parse_rtattr_nested(stats, MACSEC_SECY_STATS_ATTR_MAX + 1, attr);
|
|
|
7e752c |
+ parse_rtattr_nested(stats, MACSEC_SECY_STATS_ATTR_MAX, attr);
|
|
|
7e752c |
|
|
|
7e752c |
print_stats(prefix, secy_stats_names,
|
|
|
7e752c |
NUM_MACSEC_SECY_STATS_ATTR, stats);
|
|
|
7e752c |
@@ -772,7 +772,7 @@ static void print_rxsa_stats(const char *prefix, struct rtattr *attr)
|
|
|
7e752c |
if (!attr || show_stats == 0)
|
|
|
7e752c |
return;
|
|
|
7e752c |
|
|
|
7e752c |
- parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX + 1, attr);
|
|
|
7e752c |
+ parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX, attr);
|
|
|
7e752c |
|
|
|
7e752c |
print_stats(prefix, rxsa_stats_names, NUM_MACSEC_SA_STATS_ATTR, stats);
|
|
|
7e752c |
}
|
|
|
7e752c |
@@ -789,7 +789,7 @@ static void print_txsa_stats(const char *prefix, struct rtattr *attr)
|
|
|
7e752c |
if (!attr || show_stats == 0)
|
|
|
7e752c |
return;
|
|
|
7e752c |
|
|
|
7e752c |
- parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX + 1, attr);
|
|
|
7e752c |
+ parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX, attr);
|
|
|
7e752c |
|
|
|
7e752c |
print_stats(prefix, txsa_stats_names, NUM_MACSEC_SA_STATS_ATTR, stats);
|
|
|
7e752c |
}
|
|
|
7e752c |
@@ -817,7 +817,7 @@ static void print_tx_sc(const char *prefix, __u64 sci, __u8 encoding_sa,
|
|
|
7e752c |
bool state;
|
|
|
7e752c |
|
|
|
7e752c |
open_json_object(NULL);
|
|
|
7e752c |
- parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX + 1, a);
|
|
|
7e752c |
+ parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX, a);
|
|
|
7e752c |
state = rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_ACTIVE]);
|
|
|
7e752c |
|
|
|
7e752c |
print_string(PRINT_FP, NULL, "%s", prefix);
|
|
|
7e752c |
@@ -858,7 +858,7 @@ static void print_rxsc_stats(const char *prefix, struct rtattr *attr)
|
|
|
7e752c |
if (!attr || show_stats == 0)
|
|
|
7e752c |
return;
|
|
|
7e752c |
|
|
|
7e752c |
- parse_rtattr_nested(stats, MACSEC_RXSC_STATS_ATTR_MAX + 1, attr);
|
|
|
7e752c |
+ parse_rtattr_nested(stats, MACSEC_RXSC_STATS_ATTR_MAX, attr);
|
|
|
7e752c |
|
|
|
7e752c |
print_stats(prefix, rxsc_stats_names,
|
|
|
7e752c |
NUM_MACSEC_RXSC_STATS_ATTR, stats);
|
|
|
7e752c |
@@ -885,7 +885,7 @@ static void print_rx_sc(const char *prefix, __be64 sci, __u8 active,
|
|
|
7e752c |
bool state;
|
|
|
7e752c |
|
|
|
7e752c |
open_json_object(NULL);
|
|
|
7e752c |
- parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX + 1, a);
|
|
|
7e752c |
+ parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX, a);
|
|
|
7e752c |
state = rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_ACTIVE]);
|
|
|
7e752c |
|
|
|
7e752c |
print_string(PRINT_FP, NULL, "%s", prefix);
|
|
|
7e752c |
@@ -918,7 +918,7 @@ static void print_rxsc_list(struct rtattr *sc)
|
|
|
7e752c |
|
|
|
7e752c |
open_json_object(NULL);
|
|
|
7e752c |
|
|
|
7e752c |
- parse_rtattr_nested(sc_attr, MACSEC_RXSC_ATTR_MAX + 1, c);
|
|
|
7e752c |
+ parse_rtattr_nested(sc_attr, MACSEC_RXSC_ATTR_MAX, c);
|
|
|
7e752c |
print_rx_sc(" ",
|
|
|
7e752c |
rta_getattr_u64(sc_attr[MACSEC_RXSC_ATTR_SCI]),
|
|
|
7e752c |
rta_getattr_u32(sc_attr[MACSEC_RXSC_ATTR_ACTIVE]),
|
|
|
7e752c |
@@ -958,7 +958,7 @@ static int process(const struct sockaddr_nl *who, struct nlmsghdr *n,
|
|
|
7e752c |
}
|
|
|
7e752c |
|
|
|
7e752c |
ifindex = rta_getattr_u32(attrs[MACSEC_ATTR_IFINDEX]);
|
|
|
7e752c |
- parse_rtattr_nested(attrs_secy, MACSEC_SECY_ATTR_MAX + 1,
|
|
|
7e752c |
+ parse_rtattr_nested(attrs_secy, MACSEC_SECY_ATTR_MAX,
|
|
|
7e752c |
attrs[MACSEC_ATTR_SECY]);
|
|
|
7e752c |
|
|
|
7e752c |
if (!validate_secy_dump(attrs_secy)) {
|
|
|
7e752c |
--
|
|
|
7e752c |
1.8.3.1
|
|
|
7e752c |
|