From: Krzysztof Mazur Date: Wed, 28 Nov 2012 08:08:04 +0000 (+0100) Subject: br2684: allow assign only on a connected socket X-Git-Tag: firefly_0821_release~3680^2~1480^2~138^2~4 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=9eba25268e5862571d53122065616c456fe1142a;p=firefly-linux-kernel-4.4.55.git br2684: allow assign only on a connected socket The br2684 does not check if used vcc is in connected state, causing potential Oops in pppoatm_send() when vcc->send() is called on not fully connected socket. Now br2684 can be assigned only on connected sockets; otherwise -EINVAL error is returned. Signed-off-by: Krzysztof Mazur Signed-off-by: David Woodhouse --- diff --git a/net/atm/br2684.c b/net/atm/br2684.c index 6dc383c90262..403e71fa88fe 100644 --- a/net/atm/br2684.c +++ b/net/atm/br2684.c @@ -735,10 +735,13 @@ static int br2684_ioctl(struct socket *sock, unsigned int cmd, return -ENOIOCTLCMD; if (!capable(CAP_NET_ADMIN)) return -EPERM; - if (cmd == ATM_SETBACKEND) + if (cmd == ATM_SETBACKEND) { + if (sock->state != SS_CONNECTED) + return -EINVAL; return br2684_regvcc(atmvcc, argp); - else + } else { return br2684_create(argp); + } #ifdef CONFIG_ATM_BR2684_IPFILTER case BR2684_SETFILT: if (atmvcc->push != br2684_push)