l2tp: reject creation of non-PPP sessions on L2TPv2 tunnels
The /proc/net/pppol2tp handlers (pppol2tp_seq_*()) iterate over all
L2TPv2 tunnels, and rightfully expect that only PPP sessions can be
found there. However, l2tp_netlink accepts creating Ethernet sessions
regardless of the underlying tunnel version.
This confuses pppol2tp_seq_session_show(), which expects that
l2tp_session_priv() returns a pppol2tp_session structure. When the
session is an Ethernet pseudo-wire, a struct l2tp_eth_sess is returned
instead. This leads to invalid memory access when
pppol2tp_session_get_sock() later tries to dereference ps->sk.
Fixes: d9e31d17ce
("l2tp: Add L2TP ethernet pseudowire support")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
eab9a2d5f3
commit
de9bada5d3
@ -553,6 +553,12 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
|
||||
goto out_tunnel;
|
||||
}
|
||||
|
||||
/* L2TPv2 only accepts PPP pseudo-wires */
|
||||
if (tunnel->version == 2 && cfg.pw_type != L2TP_PWTYPE_PPP) {
|
||||
ret = -EPROTONOSUPPORT;
|
||||
goto out_tunnel;
|
||||
}
|
||||
|
||||
if (tunnel->version > 2) {
|
||||
if (info->attrs[L2TP_ATTR_DATA_SEQ])
|
||||
cfg.data_seq = nla_get_u8(info->attrs[L2TP_ATTR_DATA_SEQ]);
|
||||
|
Loading…
Reference in New Issue
Block a user