mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-15 13:15:57 +00:00
ipvs: Improve robustness to the ipvs sysctl
The ipvs module parse the user buffer and save it to sysctl, then check if the value is valid. invalid value occurs over a period of time. Here, I add a variable, struct ctl_table tmp, used to read the value from the user buffer, and save only when it is valid. I delete proc_do_sync_mode and use extra1/2 in table for the proc_dointvec_minmax call. Fixes: f73181c8288f ("ipvs: add support for sync threads") Signed-off-by: Junwei Hu <hujunwei4@huawei.com> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
e84fb4b366
commit
1b90af292e
@ -1737,12 +1737,18 @@ proc_do_defense_mode(struct ctl_table *table, int write,
|
||||
int val = *valp;
|
||||
int rc;
|
||||
|
||||
rc = proc_dointvec(table, write, buffer, lenp, ppos);
|
||||
struct ctl_table tmp = {
|
||||
.data = &val,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = table->mode,
|
||||
};
|
||||
|
||||
rc = proc_dointvec(&tmp, write, buffer, lenp, ppos);
|
||||
if (write && (*valp != val)) {
|
||||
if ((*valp < 0) || (*valp > 3)) {
|
||||
/* Restore the correct value */
|
||||
*valp = val;
|
||||
if (val < 0 || val > 3) {
|
||||
rc = -EINVAL;
|
||||
} else {
|
||||
*valp = val;
|
||||
update_defense_level(ipvs);
|
||||
}
|
||||
}
|
||||
@ -1756,33 +1762,20 @@ proc_do_sync_threshold(struct ctl_table *table, int write,
|
||||
int *valp = table->data;
|
||||
int val[2];
|
||||
int rc;
|
||||
struct ctl_table tmp = {
|
||||
.data = &val,
|
||||
.maxlen = table->maxlen,
|
||||
.mode = table->mode,
|
||||
};
|
||||
|
||||
/* backup the value first */
|
||||
memcpy(val, valp, sizeof(val));
|
||||
|
||||
rc = proc_dointvec(table, write, buffer, lenp, ppos);
|
||||
if (write && (valp[0] < 0 || valp[1] < 0 ||
|
||||
(valp[0] >= valp[1] && valp[1]))) {
|
||||
/* Restore the correct value */
|
||||
memcpy(valp, val, sizeof(val));
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
|
||||
static int
|
||||
proc_do_sync_mode(struct ctl_table *table, int write,
|
||||
void __user *buffer, size_t *lenp, loff_t *ppos)
|
||||
{
|
||||
int *valp = table->data;
|
||||
int val = *valp;
|
||||
int rc;
|
||||
|
||||
rc = proc_dointvec(table, write, buffer, lenp, ppos);
|
||||
if (write && (*valp != val)) {
|
||||
if ((*valp < 0) || (*valp > 1)) {
|
||||
/* Restore the correct value */
|
||||
*valp = val;
|
||||
}
|
||||
rc = proc_dointvec(&tmp, write, buffer, lenp, ppos);
|
||||
if (write) {
|
||||
if (val[0] < 0 || val[1] < 0 ||
|
||||
(val[0] >= val[1] && val[1]))
|
||||
rc = -EINVAL;
|
||||
else
|
||||
memcpy(valp, val, sizeof(val));
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
@ -1795,12 +1788,18 @@ proc_do_sync_ports(struct ctl_table *table, int write,
|
||||
int val = *valp;
|
||||
int rc;
|
||||
|
||||
rc = proc_dointvec(table, write, buffer, lenp, ppos);
|
||||
struct ctl_table tmp = {
|
||||
.data = &val,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = table->mode,
|
||||
};
|
||||
|
||||
rc = proc_dointvec(&tmp, write, buffer, lenp, ppos);
|
||||
if (write && (*valp != val)) {
|
||||
if (*valp < 1 || !is_power_of_2(*valp)) {
|
||||
/* Restore the correct value */
|
||||
if (val < 1 || !is_power_of_2(val))
|
||||
rc = -EINVAL;
|
||||
else
|
||||
*valp = val;
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
@ -1860,7 +1859,9 @@ static struct ctl_table vs_vars[] = {
|
||||
.procname = "sync_version",
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0644,
|
||||
.proc_handler = proc_do_sync_mode,
|
||||
.proc_handler = proc_dointvec_minmax,
|
||||
.extra1 = SYSCTL_ZERO,
|
||||
.extra2 = SYSCTL_ONE,
|
||||
},
|
||||
{
|
||||
.procname = "sync_ports",
|
||||
|
Loading…
x
Reference in New Issue
Block a user