Bug report: etherip module tunnel

AdamWu
DD-WRT Novice


Joined: 07 Mar 2011
Posts: 26

Posted: Mon Mar 24, 2014 5:23
I came across this bug when I was trying to "borrow" some code from the etherip module for vyatta.

In the latest SVN, linux-3.14/net/ipv4/etherip.c

line 409:
if (dev == etherip_tunnel_dev) {

should be moved to before line 403.

The logic is quite subtle -- there are two kinds of removal operations: remove by device name, or remove by destination IP.

For the former, the ioctl is sent directly to the corresponding device, so line 415 will directly get the reference to the data structure for removal;

For the latter, the ioctl is sent to the "root" pseudo tunnel device, with the destination IP in the parameter fields. Then lines 403-406 should copy the parameter from user space, and 410-413 find the reference to the data structure for removal.

In the current code, line 409 comes too late, so the copy of the parameter from user space is performed regardless. And this will trigger an EFAULT error for an application that sends the first kind of removal request.
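
The ordering problem described in the post, as an added userspace model in C (not the etherip.c source and not the poster's code): `model_copy` stands in for `copy_from_user`, and the struct layouts, function names, sample address and the `-ENOENT` return are assumptions. It also assumes a by-name removal request carries no usable argument pointer.

```c
#include <errno.h>
#include <stdio.h>

struct parm { unsigned int daddr; };      /* modelled ioctl argument */
struct tunnel { unsigned int daddr; };    /* modelled per-device data */
/* root_dev stands in for etherip_tunnel_dev; tun1 is a constructed tunnel. */
static struct tunnel root_dev, tun1 = { 0x0a000002 };

/* Stand-in for copy_from_user(): nonzero if the user pointer is unusable. */
static int model_copy(struct parm *dst, const struct parm *user)
{
    if (!user)
        return 1;
    *dst = *user;
    return 0;
}
static struct tunnel *find_by_daddr(unsigned int daddr)
{
    return daddr == tun1.daddr ? &tun1 : NULL;
}

/* Ordering the post reports: copy first, test for the root device after. */
int del_buggy(struct tunnel *dev, const struct parm *user, struct tunnel **out)
{
    struct parm p;
    if (model_copy(&p, user))
        return -EFAULT;
    *out = (dev == &root_dev) ? find_by_daddr(p.daddr) : dev;
    return *out ? 0 : -ENOENT;   /* -ENOENT is an assumed "not found" code */
}

/* Ordering the post proposes: only the root path reads the user argument. */
int del_fixed(struct tunnel *dev, const struct parm *user, struct tunnel **out)
{
    struct parm p;
    if (dev != &root_dev) {
        *out = dev;              /* removal by device name */
        return 0;
    }
    if (model_copy(&p, user))    /* removal by destination IP */
        return -EFAULT;
    *out = find_by_daddr(p.daddr);
    return *out ? 0 : -ENOENT;
}

int main(void)
{
    struct tunnel *t = NULL;
    printf("buggy=%d fixed=%d\n", del_buggy(&tun1, NULL, &t), del_fixed(&tun1, NULL, &t));
}
```

With the check ahead of the copy, the by-name request succeeds without an argument while the by-IP request through the root device still validates its user pointer.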