From abb281daacd4fc9940e45e6b86daaa11dd9958be Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Tue, 9 Feb 2021 10:57:25 -0500 Subject: [PATCH] TT#91151 add additional check for kernel module commands Change-Id: I27f9ca4f03cd979ecbcf01e8fb1801a306f9d396 --- daemon/kernel.c | 3 ++- kernel-module/xt_RTPENGINE.c | 4 +++- kernel-module/xt_RTPENGINE.h | 9 +++++++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/daemon/kernel.c b/daemon/kernel.c index 39f7377a4..103a566ee 100644 --- a/daemon/kernel.c +++ b/daemon/kernel.c @@ -76,7 +76,8 @@ static int kernel_open_table(unsigned int id) { ZERO(msg); msg.cmd = REMG_NOOP; - msg.u.size = sizeof(msg); + msg.u.noop.size = sizeof(msg); + msg.u.noop.last_cmd = __REMG_LAST; i = write(fd, &msg, sizeof(msg)); if (i <= 0) goto fail; diff --git a/kernel-module/xt_RTPENGINE.c b/kernel-module/xt_RTPENGINE.c index fc62ce217..80e1d64b9 100644 --- a/kernel-module/xt_RTPENGINE.c +++ b/kernel-module/xt_RTPENGINE.c @@ -3293,8 +3293,10 @@ static inline ssize_t proc_control_read_write(struct file *file, char __user *ub switch (msg->cmd) { case REMG_NOOP: - if (msg->u.size != sizeof(*msg)) + if (msg->u.noop.size != sizeof(*msg)) err = -EMSGSIZE; + if (msg->u.noop.last_cmd != __REMG_LAST) + err = -ERANGE; break; case REMG_ADD: diff --git a/kernel-module/xt_RTPENGINE.h b/kernel-module/xt_RTPENGINE.h index db79be959..82b6f8612 100644 --- a/kernel-module/xt_RTPENGINE.h +++ b/kernel-module/xt_RTPENGINE.h @@ -146,9 +146,14 @@ struct rtpengine_stats_info { struct rtpengine_ssrc_stats ssrc_stats; // output }; +struct rtpengine_noop_info { + size_t size; + int last_cmd; +}; + struct rtpengine_message { enum { - /* size: */ + /* noop_info: */ REMG_NOOP = 1, /* target_info: */ @@ -175,7 +180,7 @@ struct rtpengine_message { } cmd; union { - size_t size; + struct rtpengine_noop_info noop; struct rtpengine_target_info target; struct rtpengine_call_info call; struct rtpengine_stream_info stream;