From 68ae54243cacee6beeb69842c7d562435acd5ad1 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Thu, 8 Feb 2018 08:42:37 +0100 Subject: ip: fix crash in "ip neigh show" parse_rtattr() was using tb[] array without initializing it. Based on patch by Balaji Punnuru function old new delta parse_rtattr 85 107 +22 print_route 1630 1617 -13 print_linkinfo 807 794 -13 iproute_get 835 822 -13 print_rule 680 665 -15 ll_remember_index 263 248 -15 print_addrinfo 1223 1197 -26 ipaddr_list_or_flush 1253 1223 -30 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/7 up/down: 22/-125) Total: -103 bytes Signed-off-by: Denys Vlasenko --- networking/tc.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'networking/tc.c') diff --git a/networking/tc.c b/networking/tc.c index 4e375a066..4fa3e47bf 100644 --- a/networking/tc.c +++ b/networking/tc.c @@ -66,17 +66,21 @@ enum /* nullifies tb on error */ #define __parse_rtattr_nested_compat(tb, max, rta, len) \ - ({if ((RTA_PAYLOAD(rta) >= len) && \ - (RTA_PAYLOAD(rta) >= RTA_ALIGN(len) + sizeof(struct rtattr))) { \ - rta = RTA_DATA(rta) + RTA_ALIGN(len); \ - parse_rtattr_nested(tb, max, rta); \ - } else \ - memset(tb, 0, sizeof(struct rtattr *) * (max + 1)); \ - }) +({ \ + if ((RTA_PAYLOAD(rta) >= len) \ + && (RTA_PAYLOAD(rta) >= RTA_ALIGN(len) + sizeof(struct rtattr)) \ + ) { \ + rta = RTA_DATA(rta) + RTA_ALIGN(len); \ + parse_rtattr_nested(tb, max, rta); \ + } else \ + memset(tb, 0, sizeof(struct rtattr *) * (max + 1)); \ +}) #define parse_rtattr_nested_compat(tb, max, rta, data, len) \ - ({data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \ - __parse_rtattr_nested_compat(tb, max, rta, len); }) +({ \ + data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \ + __parse_rtattr_nested_compat(tb, max, rta, len); \ +}) #define show_details (0) /* not implemented. Does anyone need it? */ #define use_iec (0) /* not currently documented in the upstream manpage */ -- cgit v1.2.3