From: Marek Lindner Date: Tue, 19 Oct 2010 09:59:13 +0000 (+0200) Subject: Staging: batman-adv: protect against ogm packet overflow by checking table length X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=24fb009bae18f2ef712800ee9b2f52c177d9d3f9;p=linux-beck.git Staging: batman-adv: protect against ogm packet overflow by checking table length Reported-by: Sam Yeung Signed-off-by: Marek Lindner Signed-off-by: Sven Eckelmann Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/batman-adv/translation-table.c b/drivers/staging/batman-adv/translation-table.c index 12b23259c385..681ccbda3eac 100644 --- a/drivers/staging/batman-adv/translation-table.c +++ b/drivers/staging/batman-adv/translation-table.c @@ -59,6 +59,7 @@ void hna_local_add(struct net_device *soft_iface, uint8_t *addr) struct hna_global_entry *hna_global_entry; struct hashtable_t *swaphash; unsigned long flags; + int required_bytes; spin_lock_irqsave(&bat_priv->hna_lhash_lock, flags); hna_local_entry = @@ -74,8 +75,12 @@ void hna_local_add(struct net_device *soft_iface, uint8_t *addr) /* only announce as many hosts as possible in the batman-packet and space in batman_packet->num_hna That also should give a limit to MAC-flooding. */ - if ((bat_priv->num_local_hna + 1 > (ETH_DATA_LEN - BAT_PACKET_LEN) - / ETH_ALEN) || + required_bytes = (bat_priv->num_local_hna + 1) * ETH_ALEN; + required_bytes += BAT_PACKET_LEN; + + if ((required_bytes > ETH_DATA_LEN) || + (atomic_read(&bat_priv->aggregation_enabled) && + required_bytes > MAX_AGGREGATION_BYTES) || (bat_priv->num_local_hna + 1 > 255)) { bat_dbg(DBG_ROUTES, bat_priv, "Can't add new local hna entry (%pM): "