mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-21 08:19:28 +00:00
68dd02d19c
Unfortunately, struct iwreq isn't a proper subset of struct ifreq, but is still handled by the same code path. Robert reported that then applications may (randomly) fault if the struct iwreq they pass happens to land within 8 bytes of the end of a mapping (the struct is only 32 bytes, vs. struct ifreq's 40 bytes). To fix this, pull out the code handling wireless extension ioctls and copy only the smaller structure in this case. This bug goes back a long time, I tracked that it was introduced into mainline in 2.1.15, over 20 years ago! This fixes https://bugzilla.kernel.org/show_bug.cgi?id=195869 Reported-by: Robert O'Callahan <robert@ocallahan.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
60 lines
1.5 KiB
C
60 lines
1.5 KiB
C
#ifndef __NET_WEXT_H
|
|
#define __NET_WEXT_H
|
|
|
|
#include <net/iw_handler.h>
|
|
|
|
struct net;
|
|
|
|
#ifdef CONFIG_WEXT_CORE
|
|
int wext_handle_ioctl(struct net *net, struct iwreq *iwr, unsigned int cmd,
|
|
void __user *arg);
|
|
int compat_wext_handle_ioctl(struct net *net, unsigned int cmd,
|
|
unsigned long arg);
|
|
|
|
struct iw_statistics *get_wireless_stats(struct net_device *dev);
|
|
int call_commit_handler(struct net_device *dev);
|
|
#else
|
|
static inline int wext_handle_ioctl(struct net *net, struct iwreq *iwr, unsigned int cmd,
|
|
void __user *arg)
|
|
{
|
|
return -EINVAL;
|
|
}
|
|
static inline int compat_wext_handle_ioctl(struct net *net, unsigned int cmd,
|
|
unsigned long arg)
|
|
{
|
|
return -EINVAL;
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_WEXT_PROC
|
|
int wext_proc_init(struct net *net);
|
|
void wext_proc_exit(struct net *net);
|
|
#else
|
|
static inline int wext_proc_init(struct net *net)
|
|
{
|
|
return 0;
|
|
}
|
|
static inline void wext_proc_exit(struct net *net)
|
|
{
|
|
return;
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_WEXT_PRIV
|
|
int ioctl_private_call(struct net_device *dev, struct iwreq *iwr,
|
|
unsigned int cmd, struct iw_request_info *info,
|
|
iw_handler handler);
|
|
int compat_private_call(struct net_device *dev, struct iwreq *iwr,
|
|
unsigned int cmd, struct iw_request_info *info,
|
|
iw_handler handler);
|
|
int iw_handler_get_private(struct net_device * dev,
|
|
struct iw_request_info * info,
|
|
union iwreq_data * wrqu,
|
|
char * extra);
|
|
#else
|
|
#define ioctl_private_call NULL
|
|
#define compat_private_call NULL
|
|
#endif
|
|
|
|
|
|
#endif /* __NET_WEXT_H */
|