summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorSabrina Dubroca <sd@queasysnail.net>2018-07-09 13:25:14 +0300
committerDavid S. Miller <davem@davemloft.net>2018-07-12 08:50:45 +0300
commitc6dbf7aaa48289d2eeacbef06785c069869ed0c0 (patch)
tree18bd5526b9e09090fc8b128ce3437f987e56d712 /security
parent5e9a0fe492f89ff1c7583ee6ea89dc37b8c2e5c2 (diff)
downloadlinux-c6dbf7aaa48289d2eeacbef06785c069869ed0c0.tar.xz
net/ipv6: fix addrconf_sysctl_addr_gen_mode
addrconf_sysctl_addr_gen_mode() has multiple problems. First, it ignores the errors returned by proc_dointvec(). addrconf_sysctl_addr_gen_mode() calls proc_dointvec() directly, which writes the value to memory, and then checks if it's valid and may return EINVAL. If a bad value is given, the value displayed when reading net.ipv6.conf.foo.addr_gen_mode next time will be invalid. In case the value provided by the user was valid, addrconf_dev_config() won't be called since idev->cnf.addr_gen_mode has already been updated. Fix this in the usual way we deal with values that need to be checked after the proc_do*() helper has returned: define a local ctl_table and storage, call proc_dointvec() on that temporary area, then check and store. addrconf_sysctl_addr_gen_mode() also writes the new value to the global ipv6_devconf_dflt, when we're writing to some netns's default, so that new netns will inherit the value that was set by the change occuring in any netns. That doesn't make any sense, so let's drop this assignment. Finally, since addr_gen_mode is a __u32, switch to proc_douintvec(). Fixes: d35a00b8e33d ("net/ipv6: allow sysctl to change link-local address generation mode") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions