Promiscuity counter underflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
Hi everyone,

I noticed that the function __dev_set_promiscuity() does not check the
inc parameter properly. 
Like nice little soldiers, we always used this function like this to
drop the promiscuity on a device :

__dev_set_promiscuity(dev, -1);

But nothing forbids to code something like:

__dev_set_promiscuity(dev, -5);

If the promiscuity reference counter is lower than 5 then the value
underflows (because dev->promiscuity is unsigned int).

Here is a proposed patch to report elegantly when such situation would
occur.

Regards,

Emmanuel Roullit

Signed-off-by: Emmanuel Roullit <emmanuel@xxxxxxxxxxxxxxx>

diff --git a/net/core/dev.c b/net/core/dev.c
index f769098..f49dbde 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3591,6 +3591,13 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc)
 
 	ASSERT_RTNL();
 
+	if (inc < 0 && -inc > dev->promiscuity)	{
+		printk(KERN_WARNING "%s: promiscuity touches bottom, "
+			"set promiscuity failed, promiscuity feature "
+			"of device might be broken.\n", dev->name);
+		return -EOVERFLOW;
+	}
+
 	dev->flags |= IFF_PROMISC;
 	dev->promiscuity += inc;
 	if (dev->promiscuity == 0) {

--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Photo]     [Yosemite]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]     [Video 4 Linux]     [Linux Resources]

Add to Google