net: ar8216: address security vulnerabilities in swconfig & ar8216

[openwrt/staging/wigyori.git] / target / linux / generic / files / drivers / net / phy / swconfig.c

diff --git a/target/linux/generic/files/drivers/net/phy/swconfig.c b/target/linux/generic/files/drivers/net/phy/swconfig.c
index c70ca74cadde948bd330543cdf9811ce130899b1..63a95881361ca76bd8a5f624f48dbe9b121d62dd 100644 (file)
--- a/target/linux/generic/files/drivers/net/phy/swconfig.c
+++ b/target/linux/generic/files/drivers/net/phy/swconfig.c
@@ -506,7 +506,7 @@ swconfig_lookup_attr(struct switch_dev *dev, struct genl_info *info,
        struct genlmsghdr *hdr = nlmsg_data(info->nlhdr);
        const struct switch_attrlist *alist;
        const struct switch_attr *attr = NULL;
-       int attr_id;
+       unsigned int attr_id;
 
        /* defaults */
        struct switch_attr *def_list;
@@ -590,11 +590,13 @@ swconfig_parse_ports(struct sk_buff *msg, struct nlattr *head,
        val->len = 0;
        nla_for_each_nested(nla, head, rem) {
                struct nlattr *tb[SWITCH_PORT_ATTR_MAX+1];
-               struct switch_port *port = &val->value.ports[val->len];
+               struct switch_port *port;
 
                if (val->len >= max)
                        return -EINVAL;
 
+               port = &val->value.ports[val->len];
+
                if (nla_parse_nested(tb, SWITCH_PORT_ATTR_MAX, nla,
                                port_policy))
                        return -EINVAL;
@@ -1111,6 +1113,11 @@ register_switch(struct switch_dev *dev, struct net_device *netdev)
        }
        BUG_ON(!dev->alias);
 
+       /* Make sure swdev_id doesn't overflow */
+       if (swdev_id == INT_MAX) {
+               return -ENOMEM;
+       }
+
        if (dev->ports > 0) {
                dev->portbuf = kzalloc(sizeof(struct switch_port) *
                                dev->ports, GFP_KERNEL);
@@ -1227,4 +1234,3 @@ swconfig_exit(void)
 
 module_init(swconfig_init);
 module_exit(swconfig_exit);
-