ipv6: do compat setsockopt for MCAST_MSFILTER directly (168a2cca) · Commits · EulixOS / Software / Kernel

net/ipv6/ipv6_sockglue.c

+47 −1

Original line number	Diff line number	Diff line
		@@ -980,9 +980,55 @@ int compat_ipv6_setsockopt(struct sock *sk, int level, int optname,
		case MCAST_LEAVE_SOURCE_GROUP:
		case MCAST_BLOCK_SOURCE:
		case MCAST_UNBLOCK_SOURCE:
		case MCAST_MSFILTER:
		return compat_mc_setsockopt(sk, level, optname, optval, optlen,
		ipv6_setsockopt);
		case MCAST_MSFILTER:
		{
		const int size0 = offsetof(struct compat_group_filter, gf_slist);
		struct compat_group_filter *gf32;
		void *p;
		int n;

		if (optlen < size0)
		return -EINVAL;
		if (optlen > sysctl_optmem_max - 4)
		return -ENOBUFS;

		p = kmalloc(optlen + 4, GFP_KERNEL);
		if (!p)
		return -ENOMEM;

		gf32 = p + 4; /* we want ->gf_group and ->gf_slist aligned */
		if (copy_from_user(gf32, optval, optlen)) {
		err = -EFAULT;
		goto mc_msf_out;
		}

		n = gf32->gf_numsrc;
		/* numsrc >= (4G-140)/128 overflow in 32 bits */
		if (n >= 0x1ffffffU \|\|
		n > sysctl_mld_max_msf) {
		err = -ENOBUFS;
		goto mc_msf_out;
		}
		if (offsetof(struct compat_group_filter, gf_slist[n]) > optlen) {
		err = -EINVAL;
		goto mc_msf_out;
		}

		rtnl_lock();
		lock_sock(sk);
		err = ip6_mc_msfilter(sk, &(struct group_filter){
		.gf_interface = gf32->gf_interface,
		.gf_group = gf32->gf_group,
		.gf_fmode = gf32->gf_fmode,
		.gf_numsrc = gf32->gf_numsrc}, gf32->gf_slist);
		release_sock(sk);
		rtnl_unlock();
		mc_msf_out:
		kfree(p);
		return err;
		}
		}

		err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);