psd: add basic validation of userspace matchinfo data
authorFlorian Westphal <fw@strlen.de>
Sat, 2 Jun 2012 19:13:58 +0000 (21:13 +0200)
committerJan Engelhardt <jengelh@inai.de>
Fri, 15 Jun 2012 13:11:32 +0000 (15:11 +0200)
psd multiplies weight_thresh by HZ, so it could overflow.

Userspace libxt_psd refuses values exceeding PSD_MAX_RATE, so check
that on kernel side, too.

Also, setting 0 weight for both privileged and highports will cause
psd to never match at all.

Reject a 0 weight threshold too, because it makes no sense (it triggers a
match for every initial packet).

doc/changelog.txt
extensions/xt_psd.c

index 2fe752b8158bdfd086902eb2dcfaecbddaf4cd78..a2c37df5a37b1660e21cd851ea13d15ed8ccc1b4 100644 (file)
@@ -3,6 +3,8 @@ HEAD
 ====
 Fixes:
 - xt_psd: avoid crash due to curr->next corruption
+Changes:
+- xt_psd: reject invalid match options
 
 
 v1.42 (2012-04-05)
index c044c255eb744dedb01e2fba02ab519d32877d5d..dc53466466eb7bc127e3d61691a6b8a8b5357e96 100644 (file)
@@ -278,13 +278,35 @@ out_match:
        return true;
 }
 
+static int psd_mt_check(const struct xt_mtchk_param *par)
+{
+       const struct xt_psd_info *info = par->matchinfo;
+
+       if (info->weight_threshold == 0)
+               /* 0 would match on every 1st packet */
+               return -EINVAL;
+
+       if ((info->lo_ports_weight | info->hi_ports_weight) == 0)
+               /* would never match */
+               return -EINVAL;
+
+       if (info->delay_threshold > PSD_MAX_RATE ||
+           info->weight_threshold > PSD_MAX_RATE ||
+           info->lo_ports_weight > PSD_MAX_RATE ||
+           info->hi_ports_weight > PSD_MAX_RATE)
+               return -EINVAL;
+
+       return 0;
+}
+
 static struct xt_match xt_psd_reg __read_mostly = {
-       .name           = "psd",
-       .family    = NFPROTO_IPV4,
-       .revision  = 1,
-       .match          = xt_psd_match,
-       .matchsize      = sizeof(struct xt_psd_info),
-       .me                     = THIS_MODULE,
+       .name       = "psd",
+       .family     = NFPROTO_IPV4,
+       .revision   = 1,
+       .checkentry = psd_mt_check,
+       .match      = xt_psd_match,
+       .matchsize  = sizeof(struct xt_psd_info),
+       .me         = THIS_MODULE,
 };
 
 static int __init xt_psd_init(void)
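Review bot: The PSD_MAX_RATE bound on weight_threshold is what the commit message relies on to keep the weight_threshold * HZ product from overflowing, but nothing in psd_mt_check ties the two constants together, so a later change to either one silently reintroduces the overflow; a compile-time check such as `BUILD_BUG_ON(PSD_MAX_RATE > UINT_MAX / HZ);` at the top of the function (with the type adjusted to whatever the multiplication in the match path actually uses) would pin that invariant. All three rejections return a bare -EINVAL, which reaches the user as "Invalid argument" with no indication of which option was out of range, so a short `pr_info()` before each return would make failures diagnosable. The comments sitting between an unbraced `if` and its `return` are easy to misread; moving each comment above its condition and bracing the bodies keeps them visually attached. The range check also presumes the xt_psd_info fields are unsigned — if any of them is signed, a negative value passes `> PSD_MAX_RATE` — which is worth confirming against the struct definition in the header.
```c
static int psd_mt_check(const struct xt_mtchk_param *par)
{
	const struct xt_psd_info *info = par->matchinfo;

	/* The PSD_MAX_RATE bounds below are what keeps weight_threshold * HZ
	 * from overflowing in the match path; adjust the type if that changes. */
	BUILD_BUG_ON(PSD_MAX_RATE > UINT_MAX / HZ);

	/* 0 would match on every 1st packet */
	if (info->weight_threshold == 0) {
		pr_info("xt_psd: weight_threshold must not be 0\n");
		return -EINVAL;
	}

	/* would never match */
	if ((info->lo_ports_weight | info->hi_ports_weight) == 0) {
		pr_info("xt_psd: lo_ports_weight and hi_ports_weight cannot both be 0\n");
		return -EINVAL;
	}

	if (info->delay_threshold > PSD_MAX_RATE ||
	    info->weight_threshold > PSD_MAX_RATE ||
	    info->lo_ports_weight > PSD_MAX_RATE ||
	    info->hi_ports_weight > PSD_MAX_RATE) {
		pr_info("xt_psd: thresholds and weights must not exceed %d\n",
			PSD_MAX_RATE);
		return -EINVAL;
	}

	return 0;
}
```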