| From foo@baz Wed Apr 11 10:26:56 CEST 2018 |
| From: Eric Dumazet <edumazet@google.com> |
| Date: Thu, 5 Apr 2018 06:39:30 -0700 |
| Subject: ip6_tunnel: better validate user provided tunnel names |
| |
| From: Eric Dumazet <edumazet@google.com> |
| |
| |
| [ Upstream commit db7a65e3ab78e5b1c4b17c0870ebee35a4ee3257 ] |
| |
| Use valid_name() to make sure user does not provide illegal |
| device name. |
| |
| Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") |
| Signed-off-by: Eric Dumazet <edumazet@google.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv6/ip6_tunnel.c | 11 +++++++---- |
| 1 file changed, 7 insertions(+), 4 deletions(-) |
| |
| --- a/net/ipv6/ip6_tunnel.c |
| +++ b/net/ipv6/ip6_tunnel.c |
| @@ -298,13 +298,16 @@ static struct ip6_tnl *ip6_tnl_create(st |
| struct net_device *dev; |
| struct ip6_tnl *t; |
| char name[IFNAMSIZ]; |
| - int err = -ENOMEM; |
| + int err = -E2BIG; |
| |
| - if (p->name[0]) |
| + if (p->name[0]) { |
| + if (!dev_valid_name(p->name)) |
| + goto failed; |
| strlcpy(name, p->name, IFNAMSIZ); |
| - else |
| + } else { |
| sprintf(name, "ip6tnl%%d"); |
| - |
| + } |
| + err = -ENOMEM; |
| dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, |
| ip6_tnl_dev_setup); |
| if (!dev) |
