[PATCH] s390: qeth driver fixes [2/6]

[PATCH 5/9] s390: qeth driver fixes [2/6]

From: Frank Pavlic <fpavlic@de.ibm.com>
	- fixed error handling in create_device_attributes
	- fixed some minor bugs in IPv4
	  and IPv6 address checking

Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>

diff --git a/drivers/s390/net/qeth.h b/drivers/s390/net/qeth.h
index 619f4a0c7160d5692d09ede8b3b705a6d74790c8..e8bd8c5ced1fc9ed694331d5691e75cb5a304cf1 100644 (file)
--- a/drivers/s390/net/qeth.h
+++ b/drivers/s390/net/qeth.h
@@ -1096,10 +1096,11 @@ qeth_string_to_ipaddr4(const char *buf, __u8 *addr)
 {
        int count = 0, rc = 0;
        int in[4];
+       char c;
 
-       rc = sscanf(buf, "%d.%d.%d.%d%n",
-                   &in[0], &in[1], &in[2], &in[3], &count);
-       if (rc != 4  || count<=0)
+       rc = sscanf(buf, "%u.%u.%u.%u%c",
+                   &in[0], &in[1], &in[2], &in[3], &c);
+       if (rc != 4 && (rc != 5 || c != '\n'))
                return -EINVAL;
        for (count = 0; count < 4; count++) {
                if (in[count] > 255)
@@ -1123,24 +1124,28 @@ qeth_ipaddr6_to_string(const __u8 *addr, char *buf)
 static inline int
 qeth_string_to_ipaddr6(const char *buf, __u8 *addr)
 {
-       char *end, *start;
+       const char *end, *end_tmp, *start;
        __u16 *in;
         char num[5];
         int num2, cnt, out, found, save_cnt;
         unsigned short in_tmp[8] = {0, };
 
        cnt = out = found = save_cnt = num2 = 0;
-        end = start = (char *) buf;
+        end = start = buf;
        in = (__u16 *) addr;
        memset(in, 0, 16);
-        while (end) {
-                end = strchr(end,':');
+        while (*end) {
+                end = strchr(start,':');
                 if (end == NULL) {
-                        end = (char *)buf + (strlen(buf));
-                        out = 1;
+                        end = buf + strlen(buf);
+                       if ((end_tmp = strchr(start, '\n')) != NULL)
+                               end = end_tmp;
+                       out = 1;
                 }
                 if ((end - start)) {
                         memset(num, 0, 5);
+                       if ((end - start) > 4)
+                               return -EINVAL;
                         memcpy(num, start, end - start);
                        if (!qeth_isxdigit(num))
                                return -EINVAL;
@@ -1158,6 +1163,8 @@ qeth_string_to_ipaddr6(const char *buf, __u8 *addr)
                }
                start = ++end;
         }
+       if (cnt + save_cnt > 8)
+               return -EINVAL;
         cnt = 7;
        while (save_cnt)
                 in[cnt--] = in_tmp[--save_cnt];

diff --git a/drivers/s390/net/qeth_sys.c b/drivers/s390/net/qeth_sys.c
index 001497bbea167c7b70e51bf4c3e80d1c4ce021a9..c1f3187f37ea650220f2b066cbd1b48e28a4d0a8 100644 (file)
--- a/drivers/s390/net/qeth_sys.c
+++ b/drivers/s390/net/qeth_sys.c
@@ -1110,12 +1110,12 @@ qeth_parse_ipatoe(const char* buf, enum qeth_prot_versions proto,
 {
        const char *start, *end;
        char *tmp;
-       char buffer[49] = {0, };
+       char buffer[40] = {0, };
 
        start = buf;
        /* get address string */
        end = strchr(start, '/');
-       if (!end || (end-start >= 49)){
+       if (!end || (end - start >= 40)){
                PRINT_WARN("Invalid format for ipato_addx/delx. "
                           "Use <ip addr>/<mask bits>\n");
                return -EINVAL;
@@ -1127,7 +1127,12 @@ qeth_parse_ipatoe(const char* buf, enum qeth_prot_versions proto,
        }
        start = end + 1;
        *mask_bits = simple_strtoul(start, &tmp, 10);
-
+       if (!strlen(start) ||
+           (tmp == start) ||
+           (*mask_bits > ((proto == QETH_PROT_IPV4) ? 32 : 128))) {
+               PRINT_WARN("Invalid mask bits for ipato_addx/delx !\n");
+               return -EINVAL;
+       }
        return 0;
 }
 
@@ -1698,11 +1703,16 @@ qeth_create_device_attributes(struct device *dev)
                sysfs_remove_group(&dev->kobj, &qeth_device_attr_group);
                sysfs_remove_group(&dev->kobj, &qeth_device_ipato_group);
                sysfs_remove_group(&dev->kobj, &qeth_device_vipa_group);
+               return ret;
        }
-       if ((ret = sysfs_create_group(&dev->kobj, &qeth_device_blkt_group)))
+       if ((ret = sysfs_create_group(&dev->kobj, &qeth_device_blkt_group))){
+               sysfs_remove_group(&dev->kobj, &qeth_device_attr_group);
+               sysfs_remove_group(&dev->kobj, &qeth_device_ipato_group);
+               sysfs_remove_group(&dev->kobj, &qeth_device_vipa_group);
+               sysfs_remove_group(&dev->kobj, &qeth_device_rxip_group);
                return ret;
-
-       return ret;
+       }
+       return 0;
 }
 
 void