forked from luck/tmp_suning_uos_patched
team: use a larger struct for mac address
IPv6 tunnels use sizeof(struct in6_addr) as dev->addr_len, but in many places especially bonding, we use struct sockaddr to copy and set mac addr, this could lead to stack out-of-bounds access. Fix it by using a larger address storage like bonding. Reported-by: Andrey Konovalov <andreyknvl@google.com> Cc: Jiri Pirko <jiri@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
0254e0c632
commit
996f6e12cf
|
@ -60,11 +60,11 @@ static struct team_port *team_port_get_rtnl(const struct net_device *dev)
|
|||
static int __set_port_dev_addr(struct net_device *port_dev,
|
||||
const unsigned char *dev_addr)
|
||||
{
|
||||
struct sockaddr addr;
|
||||
struct sockaddr_storage addr;
|
||||
|
||||
memcpy(addr.sa_data, dev_addr, port_dev->addr_len);
|
||||
addr.sa_family = port_dev->type;
|
||||
return dev_set_mac_address(port_dev, &addr);
|
||||
memcpy(addr.__data, dev_addr, port_dev->addr_len);
|
||||
addr.ss_family = port_dev->type;
|
||||
return dev_set_mac_address(port_dev, (struct sockaddr *)&addr);
|
||||
}
|
||||
|
||||
static int team_port_set_orig_dev_addr(struct team_port *port)
|
||||
|
|
Loading…
Reference in New Issue
Block a user