Fix mpls maximum labels list parsing up to MAX_MPLS_LABELS/16 entries (instead of up to MAX_MPLS_LABELS - 1).
Addresses the following:
$ echo "mpls 00000f00,00000f01,00000f02,00000f03,00000f04,00000f05,00000f06,00000f07,00000f08,00000f09,00000f0a,00000f0b,00000f0c,00000f0d,00000f0e,00000f0f" > /proc/net/pktgen/lo@0 -bash: echo: write error: Argument list too long
Signed-off-by: Peter Seiderer ps.report@gmx.net --- Changes v4 -> v5 - split up patchset into part i/ii (suggested by Simon Horman) - change patch description ('Fixes:' -> 'Addresses the following:', suggested by Simon Horman)
Changes v3 -> v4 - new patch (factored out of patch 'net: pktgen: fix access outside of user given buffer in pktgen_if_write()') --- net/core/pktgen.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/core/pktgen.c b/net/core/pktgen.c index 436076a2ccb7..9b63feb8a33e 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -911,6 +911,10 @@ static ssize_t get_labels(const char __user *buffer, struct pktgen_dev *pkt_dev) pkt_dev->nr_labels = 0; do { __u32 tmp; + + if (n >= MAX_MPLS_LABELS) + return -E2BIG; + len = hex32_arg(&buffer[i], HEX_8_DIGITS, &tmp); if (len <= 0) return len; @@ -922,8 +926,6 @@ static ssize_t get_labels(const char __user *buffer, struct pktgen_dev *pkt_dev) return -EFAULT; i++; n++; - if (n >= MAX_MPLS_LABELS) - return -E2BIG; } while (c == ',');
pkt_dev->nr_labels = n;