The following commit has been merged in the master branch: commit f1bc6003efcdd7cab0c3a2673761435bd4b55755 Author: Marek Lindner lindner_marek@yahoo.de Date: Mon Oct 18 09:12:28 2010 +0000
batman-adv: protect against ogm packet overflow by checking table length
Reported-by: Sam Yeung sam.cwyeung@gmail.com Signed-off-by: Marek Lindner lindner_marek@yahoo.de
diff --git a/translation-table.c b/translation-table.c index 9cae140..75c8ce0 100644 --- a/translation-table.c +++ b/translation-table.c @@ -60,6 +60,7 @@ void hna_local_add(struct net_device *soft_iface, uint8_t *addr) struct hna_global_entry *hna_global_entry; struct hashtable_t *swaphash; unsigned long flags; + int required_bytes;
spin_lock_irqsave(&bat_priv->hna_lhash_lock, flags); hna_local_entry = @@ -75,8 +76,12 @@ void hna_local_add(struct net_device *soft_iface, uint8_t *addr) /* only announce as many hosts as possible in the batman-packet and space in batman_packet->num_hna That also should give a limit to MAC-flooding. */ - if ((bat_priv->num_local_hna + 1 > (ETH_DATA_LEN - BAT_PACKET_LEN) - / ETH_ALEN) || + required_bytes = (bat_priv->num_local_hna + 1) * ETH_ALEN; + required_bytes += BAT_PACKET_LEN; + + if ((required_bytes > ETH_DATA_LEN) || + (atomic_read(&bat_priv->aggregation_enabled) && + required_bytes > MAX_AGGREGATION_BYTES) || (bat_priv->num_local_hna + 1 > 255)) { bat_dbg(DBG_ROUTES, bat_priv, "Can't add new local hna entry (%pM): "