Skip to content

Commit be51da0

Browse files
davem330davem330
committed
ieee802154: Stop using NLA_PUT*().
These macros contain a hidden goto, and are thus extremely error prone and make code hard to audit. Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent d317e4f commit be51da0

File tree

2 files changed

+85
-90
lines changed

2 files changed

+85
-90
lines changed

net/ieee802154/nl-mac.c

Lines changed: 71 additions & 75 deletions
Original file line numberDiff line numberDiff line change
@@ -63,15 +63,14 @@ int ieee802154_nl_assoc_indic(struct net_device *dev,
6363
if (!msg)
6464
return -ENOBUFS;
6565

66-
NLA_PUT_STRING(msg, IEEE802154_ATTR_DEV_NAME, dev->name);
67-
NLA_PUT_U32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex);
68-
NLA_PUT(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
69-
dev->dev_addr);
70-
71-
NLA_PUT(msg, IEEE802154_ATTR_SRC_HW_ADDR, IEEE802154_ADDR_LEN,
72-
addr->hwaddr);
73-
74-
NLA_PUT_U8(msg, IEEE802154_ATTR_CAPABILITY, cap);
66+
if (nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name) ||
67+
nla_put_u32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex) ||
68+
nla_put(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
69+
dev->dev_addr) ||
70+
nla_put(msg, IEEE802154_ATTR_SRC_HW_ADDR, IEEE802154_ADDR_LEN,
71+
addr->hwaddr) ||
72+
nla_put_u8(msg, IEEE802154_ATTR_CAPABILITY, cap))
73+
goto nla_put_failure;
7574

7675
return ieee802154_nl_mcast(msg, ieee802154_coord_mcgrp.id);
7776

@@ -92,14 +91,13 @@ int ieee802154_nl_assoc_confirm(struct net_device *dev, u16 short_addr,
9291
if (!msg)
9392
return -ENOBUFS;
9493

95-
NLA_PUT_STRING(msg, IEEE802154_ATTR_DEV_NAME, dev->name);
96-
NLA_PUT_U32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex);
97-
NLA_PUT(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
98-
dev->dev_addr);
99-
100-
NLA_PUT_U16(msg, IEEE802154_ATTR_SHORT_ADDR, short_addr);
101-
NLA_PUT_U8(msg, IEEE802154_ATTR_STATUS, status);
102-
94+
if (nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name) ||
95+
nla_put_u32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex) ||
96+
nla_put(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
97+
dev->dev_addr) ||
98+
nla_put_u16(msg, IEEE802154_ATTR_SHORT_ADDR, short_addr) ||
99+
nla_put_u8(msg, IEEE802154_ATTR_STATUS, status))
100+
goto nla_put_failure;
103101
return ieee802154_nl_mcast(msg, ieee802154_coord_mcgrp.id);
104102

105103
nla_put_failure:
@@ -119,20 +117,22 @@ int ieee802154_nl_disassoc_indic(struct net_device *dev,
119117
if (!msg)
120118
return -ENOBUFS;
121119

122-
NLA_PUT_STRING(msg, IEEE802154_ATTR_DEV_NAME, dev->name);
123-
NLA_PUT_U32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex);
124-
NLA_PUT(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
125-
dev->dev_addr);
126-
127-
if (addr->addr_type == IEEE802154_ADDR_LONG)
128-
NLA_PUT(msg, IEEE802154_ATTR_SRC_HW_ADDR, IEEE802154_ADDR_LEN,
129-
addr->hwaddr);
130-
else
131-
NLA_PUT_U16(msg, IEEE802154_ATTR_SRC_SHORT_ADDR,
132-
addr->short_addr);
133-
134-
NLA_PUT_U8(msg, IEEE802154_ATTR_REASON, reason);
135-
120+
if (nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name) ||
121+
nla_put_u32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex) ||
122+
nla_put(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
123+
dev->dev_addr))
124+
goto nla_put_failure;
125+
if (addr->addr_type == IEEE802154_ADDR_LONG) {
126+
if (nla_put(msg, IEEE802154_ATTR_SRC_HW_ADDR, IEEE802154_ADDR_LEN,
127+
addr->hwaddr))
128+
goto nla_put_failure;
129+
} else {
130+
if (nla_put_u16(msg, IEEE802154_ATTR_SRC_SHORT_ADDR,
131+
addr->short_addr))
132+
goto nla_put_failure;
133+
}
134+
if (nla_put_u8(msg, IEEE802154_ATTR_REASON, reason))
135+
goto nla_put_failure;
136136
return ieee802154_nl_mcast(msg, ieee802154_coord_mcgrp.id);
137137

138138
nla_put_failure:
@@ -151,13 +151,12 @@ int ieee802154_nl_disassoc_confirm(struct net_device *dev, u8 status)
151151
if (!msg)
152152
return -ENOBUFS;
153153

154-
NLA_PUT_STRING(msg, IEEE802154_ATTR_DEV_NAME, dev->name);
155-
NLA_PUT_U32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex);
156-
NLA_PUT(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
157-
dev->dev_addr);
158-
159-
NLA_PUT_U8(msg, IEEE802154_ATTR_STATUS, status);
160-
154+
if (nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name) ||
155+
nla_put_u32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex) ||
156+
nla_put(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
157+
dev->dev_addr) ||
158+
nla_put_u8(msg, IEEE802154_ATTR_STATUS, status))
159+
goto nla_put_failure;
161160
return ieee802154_nl_mcast(msg, ieee802154_coord_mcgrp.id);
162161

163162
nla_put_failure:
@@ -177,13 +176,13 @@ int ieee802154_nl_beacon_indic(struct net_device *dev,
177176
if (!msg)
178177
return -ENOBUFS;
179178

180-
NLA_PUT_STRING(msg, IEEE802154_ATTR_DEV_NAME, dev->name);
181-
NLA_PUT_U32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex);
182-
NLA_PUT(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
183-
dev->dev_addr);
184-
NLA_PUT_U16(msg, IEEE802154_ATTR_COORD_SHORT_ADDR, coord_addr);
185-
NLA_PUT_U16(msg, IEEE802154_ATTR_COORD_PAN_ID, panid);
186-
179+
if (nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name) ||
180+
nla_put_u32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex) ||
181+
nla_put(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
182+
dev->dev_addr) ||
183+
nla_put_u16(msg, IEEE802154_ATTR_COORD_SHORT_ADDR, coord_addr) ||
184+
nla_put_u16(msg, IEEE802154_ATTR_COORD_PAN_ID, panid))
185+
goto nla_put_failure;
187186
return ieee802154_nl_mcast(msg, ieee802154_coord_mcgrp.id);
188187

189188
nla_put_failure:
@@ -204,19 +203,17 @@ int ieee802154_nl_scan_confirm(struct net_device *dev,
204203
if (!msg)
205204
return -ENOBUFS;
206205

207-
NLA_PUT_STRING(msg, IEEE802154_ATTR_DEV_NAME, dev->name);
208-
NLA_PUT_U32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex);
209-
NLA_PUT(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
210-
dev->dev_addr);
211-
212-
NLA_PUT_U8(msg, IEEE802154_ATTR_STATUS, status);
213-
NLA_PUT_U8(msg, IEEE802154_ATTR_SCAN_TYPE, scan_type);
214-
NLA_PUT_U32(msg, IEEE802154_ATTR_CHANNELS, unscanned);
215-
NLA_PUT_U8(msg, IEEE802154_ATTR_PAGE, page);
216-
217-
if (edl)
218-
NLA_PUT(msg, IEEE802154_ATTR_ED_LIST, 27, edl);
219-
206+
if (nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name) ||
207+
nla_put_u32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex) ||
208+
nla_put(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
209+
dev->dev_addr) ||
210+
nla_put_u8(msg, IEEE802154_ATTR_STATUS, status) ||
211+
nla_put_u8(msg, IEEE802154_ATTR_SCAN_TYPE, scan_type) ||
212+
nla_put_u32(msg, IEEE802154_ATTR_CHANNELS, unscanned) ||
213+
nla_put_u8(msg, IEEE802154_ATTR_PAGE, page) ||
214+
(edl &&
215+
nla_put(msg, IEEE802154_ATTR_ED_LIST, 27, edl)))
216+
goto nla_put_failure;
220217
return ieee802154_nl_mcast(msg, ieee802154_coord_mcgrp.id);
221218

222219
nla_put_failure:
@@ -235,13 +232,12 @@ int ieee802154_nl_start_confirm(struct net_device *dev, u8 status)
235232
if (!msg)
236233
return -ENOBUFS;
237234

238-
NLA_PUT_STRING(msg, IEEE802154_ATTR_DEV_NAME, dev->name);
239-
NLA_PUT_U32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex);
240-
NLA_PUT(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
241-
dev->dev_addr);
242-
243-
NLA_PUT_U8(msg, IEEE802154_ATTR_STATUS, status);
244-
235+
if (nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name) ||
236+
nla_put_u32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex) ||
237+
nla_put(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
238+
dev->dev_addr) ||
239+
nla_put_u8(msg, IEEE802154_ATTR_STATUS, status))
240+
goto nla_put_failure;
245241
return ieee802154_nl_mcast(msg, ieee802154_coord_mcgrp.id);
246242

247243
nla_put_failure:
@@ -266,16 +262,16 @@ static int ieee802154_nl_fill_iface(struct sk_buff *msg, u32 pid,
266262
phy = ieee802154_mlme_ops(dev)->get_phy(dev);
267263
BUG_ON(!phy);
268264

269-
NLA_PUT_STRING(msg, IEEE802154_ATTR_DEV_NAME, dev->name);
270-
NLA_PUT_STRING(msg, IEEE802154_ATTR_PHY_NAME, wpan_phy_name(phy));
271-
NLA_PUT_U32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex);
272-
273-
NLA_PUT(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
274-
dev->dev_addr);
275-
NLA_PUT_U16(msg, IEEE802154_ATTR_SHORT_ADDR,
276-
ieee802154_mlme_ops(dev)->get_short_addr(dev));
277-
NLA_PUT_U16(msg, IEEE802154_ATTR_PAN_ID,
278-
ieee802154_mlme_ops(dev)->get_pan_id(dev));
265+
if (nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name) ||
266+
nla_put_string(msg, IEEE802154_ATTR_PHY_NAME, wpan_phy_name(phy)) ||
267+
nla_put_u32(msg, IEEE802154_ATTR_DEV_INDEX, dev->ifindex) ||
268+
nla_put(msg, IEEE802154_ATTR_HW_ADDR, IEEE802154_ADDR_LEN,
269+
dev->dev_addr) ||
270+
nla_put_u16(msg, IEEE802154_ATTR_SHORT_ADDR,
271+
ieee802154_mlme_ops(dev)->get_short_addr(dev)) ||
272+
nla_put_u16(msg, IEEE802154_ATTR_PAN_ID,
273+
ieee802154_mlme_ops(dev)->get_pan_id(dev)))
274+
goto nla_put_failure;
279275
wpan_phy_put(phy);
280276
return genlmsg_end(msg, hdr);
281277

net/ieee802154/nl-phy.c

Lines changed: 14 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -53,18 +53,18 @@ static int ieee802154_nl_fill_phy(struct sk_buff *msg, u32 pid,
5353
goto out;
5454

5555
mutex_lock(&phy->pib_lock);
56-
NLA_PUT_STRING(msg, IEEE802154_ATTR_PHY_NAME, wpan_phy_name(phy));
57-
58-
NLA_PUT_U8(msg, IEEE802154_ATTR_PAGE, phy->current_page);
59-
NLA_PUT_U8(msg, IEEE802154_ATTR_CHANNEL, phy->current_channel);
56+
if (nla_put_string(msg, IEEE802154_ATTR_PHY_NAME, wpan_phy_name(phy)) ||
57+
nla_put_u8(msg, IEEE802154_ATTR_PAGE, phy->current_page) ||
58+
nla_put_u8(msg, IEEE802154_ATTR_CHANNEL, phy->current_channel))
59+
goto nla_put_failure;
6060
for (i = 0; i < 32; i++) {
6161
if (phy->channels_supported[i])
6262
buf[pages++] = phy->channels_supported[i] | (i << 27);
6363
}
64-
if (pages)
65-
NLA_PUT(msg, IEEE802154_ATTR_CHANNEL_PAGE_LIST,
66-
pages * sizeof(uint32_t), buf);
67-
64+
if (pages &&
65+
nla_put(msg, IEEE802154_ATTR_CHANNEL_PAGE_LIST,
66+
pages * sizeof(uint32_t), buf))
67+
goto nla_put_failure;
6868
mutex_unlock(&phy->pib_lock);
6969
kfree(buf);
7070
return genlmsg_end(msg, hdr);
@@ -245,9 +245,9 @@ static int ieee802154_add_iface(struct sk_buff *skb,
245245
goto dev_unregister;
246246
}
247247

248-
NLA_PUT_STRING(msg, IEEE802154_ATTR_PHY_NAME, wpan_phy_name(phy));
249-
NLA_PUT_STRING(msg, IEEE802154_ATTR_DEV_NAME, dev->name);
250-
248+
if (nla_put_string(msg, IEEE802154_ATTR_PHY_NAME, wpan_phy_name(phy)) ||
249+
nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name))
250+
goto nla_put_failure;
251251
dev_put(dev);
252252

253253
wpan_phy_put(phy);
@@ -333,10 +333,9 @@ static int ieee802154_del_iface(struct sk_buff *skb,
333333

334334
rtnl_unlock();
335335

336-
337-
NLA_PUT_STRING(msg, IEEE802154_ATTR_PHY_NAME, wpan_phy_name(phy));
338-
NLA_PUT_STRING(msg, IEEE802154_ATTR_DEV_NAME, name);
339-
336+
if (nla_put_string(msg, IEEE802154_ATTR_PHY_NAME, wpan_phy_name(phy)) ||
337+
nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, name))
338+
goto nla_put_failure;
340339
wpan_phy_put(phy);
341340

342341
return ieee802154_nl_reply(msg, info);

0 commit comments

Comments
 (0)