Merge branch 'master' of /repos/git/net-next-2.6

[net-next-2.6.git] / net / netfilter / ipvs / ip_vs_ctl.c

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 6bde12da2fe0038660f6d3b7b195e8596c289e1e..00d0b152db39c2b36a17c55bf22d3190035ee4e2 100644 (file)
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1843,7 +1843,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
        if (v == SEQ_START_TOKEN) {
                seq_printf(seq,
                        "IP Virtual Server version %d.%d.%d (size=%d)\n",
-                       NVERSION(IP_VS_VERSION_CODE), IP_VS_CONN_TAB_SIZE);
+                       NVERSION(IP_VS_VERSION_CODE), ip_vs_conn_tab_size);
                seq_puts(seq,
                         "Prot LocalAddress:Port Scheduler Flags\n");
                seq_puts(seq,
@@ -2077,6 +2077,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
        if (!capable(CAP_NET_ADMIN))
                return -EPERM;
 
+       if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX)
+               return -EINVAL;
+       if (len < 0 || len >  MAX_ARG_LEN)
+               return -EINVAL;
        if (len != set_arglen[SET_CMDID(cmd)]) {
                pr_err("set_ctl: len %u != %u\n",
                       len, set_arglen[SET_CMDID(cmd)]);
@@ -2352,17 +2356,25 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
 {
        unsigned char arg[128];
        int ret = 0;
+       unsigned int copylen;
 
        if (!capable(CAP_NET_ADMIN))
                return -EPERM;
 
+       if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX)
+               return -EINVAL;
+
        if (*len < get_arglen[GET_CMDID(cmd)]) {
                pr_err("get_ctl: len %u < %u\n",
                       *len, get_arglen[GET_CMDID(cmd)]);
                return -EINVAL;
        }
 
-       if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0)
+       copylen = get_arglen[GET_CMDID(cmd)];
+       if (copylen > 128)
+               return -EINVAL;
+
+       if (copy_from_user(arg, user, copylen) != 0)
                return -EFAULT;
 
        if (mutex_lock_interruptible(&__ip_vs_mutex))
@@ -2374,7 +2386,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
                char buf[64];
 
                sprintf(buf, "IP Virtual Server version %d.%d.%d (size=%d)",
-                       NVERSION(IP_VS_VERSION_CODE), IP_VS_CONN_TAB_SIZE);
+                       NVERSION(IP_VS_VERSION_CODE), ip_vs_conn_tab_size);
                if (copy_to_user(user, buf, strlen(buf)+1) != 0) {
                        ret = -EFAULT;
                        goto out;
@@ -2387,7 +2399,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
        {
                struct ip_vs_getinfo info;
                info.version = IP_VS_VERSION_CODE;
-               info.size = IP_VS_CONN_TAB_SIZE;
+               info.size = ip_vs_conn_tab_size;
                info.num_services = ip_vs_num_services;
                if (copy_to_user(user, &info, sizeof(info)) != 0)
                        ret = -EFAULT;
@@ -3231,7 +3243,7 @@ static int ip_vs_genl_get_cmd(struct sk_buff *skb, struct genl_info *info)
        case IPVS_CMD_GET_INFO:
                NLA_PUT_U32(msg, IPVS_INFO_ATTR_VERSION, IP_VS_VERSION_CODE);
                NLA_PUT_U32(msg, IPVS_INFO_ATTR_CONN_TAB_SIZE,
-                           IP_VS_CONN_TAB_SIZE);
+                           ip_vs_conn_tab_size);
                break;
        }