br2684: allow assign only on a connected socket
br2684 does not check whether the vcc in use is in the connected state, which can cause an Oops in pppoatm_send() when vcc->send() is called on a socket that is not fully connected. Now br2684 can be assigned only on connected sockets; otherwise an -EINVAL error is returned. Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
parent
007ef52be1
commit
9eba25268e
1 changed files with 5 additions and 2 deletions
|
@ -735,10 +735,13 @@ static int br2684_ioctl(struct socket *sock, unsigned int cmd,
|
||||||
return -ENOIOCTLCMD;
|
return -ENOIOCTLCMD;
|
||||||
if (!capable(CAP_NET_ADMIN))
|
if (!capable(CAP_NET_ADMIN))
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
if (cmd == ATM_SETBACKEND)
|
if (cmd == ATM_SETBACKEND) {
|
||||||
|
if (sock->state != SS_CONNECTED)
|
||||||
|
return -EINVAL;
|
||||||
return br2684_regvcc(atmvcc, argp);
|
return br2684_regvcc(atmvcc, argp);
|
||||||
else
|
} else {
|
||||||
return br2684_create(argp);
|
return br2684_create(argp);
|
||||||
|
}
|
||||||
#ifdef CONFIG_ATM_BR2684_IPFILTER
|
#ifdef CONFIG_ATM_BR2684_IPFILTER
|
||||||
case BR2684_SETFILT:
|
case BR2684_SETFILT:
|
||||||
if (atmvcc->push != br2684_push)
|
if (atmvcc->push != br2684_push)
|
||||||
|
|
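Review bot: The new `sock->state != SS_CONNECTED` test in the `ATM_SETBACKEND` branch is a one-time check, and nothing visible in this hunk holds a lock across it and the following `br2684_regvcc(atmvcc, argp)` call. Whether the socket can leave the connected state between the two, or after the backend has been attached, cannot be confirmed from these lines and should be checked against the locking the caller provides. The check also has no comment, so its reason lives only in the commit message; I would add `/* vcc->send() is only safe on a connected socket; refuse to attach the backend otherwise */` above it. `br2684_ioctl` starts before this hunk and continues past it.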