Avoid reading past buffer when calling GETACL
[zen-stable.git] / net / ax25 / ax25_route.c
blob87fddab22e0f3b9d1961ae53461cb7f1dc49d8ac
1 /*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * Copyright (C) Alan Cox GW4PTS (alan@lxorguk.ukuu.org.uk)
8 * Copyright (C) Jonathan Naylor G4KLX (g4klx@g4klx.demon.co.uk)
9 * Copyright (C) Steven Whitehouse GW7RRM (stevew@acm.org)
10 * Copyright (C) Joerg Reuter DL1BKE (jreuter@yaina.de)
11 * Copyright (C) Hans-Joachim Hetscher DD8NE (dd8ne@bnv-bamberg.de)
12 * Copyright (C) Frederic Rible F1OAT (frible@teaser.fr)
15 #include <linux/capability.h>
16 #include <linux/errno.h>
17 #include <linux/types.h>
18 #include <linux/socket.h>
19 #include <linux/timer.h>
20 #include <linux/in.h>
21 #include <linux/kernel.h>
22 #include <linux/sched.h>
23 #include <linux/string.h>
24 #include <linux/sockios.h>
25 #include <linux/net.h>
26 #include <linux/slab.h>
27 #include <net/ax25.h>
28 #include <linux/inet.h>
29 #include <linux/netdevice.h>
30 #include <linux/if_arp.h>
31 #include <linux/skbuff.h>
32 #include <linux/spinlock.h>
33 #include <net/sock.h>
34 #include <asm/uaccess.h>
35 #include <asm/system.h>
36 #include <linux/fcntl.h>
37 #include <linux/mm.h>
38 #include <linux/interrupt.h>
39 #include <linux/init.h>
40 #include <linux/seq_file.h>
41 #include <linux/export.h>
43 static ax25_route *ax25_route_list;
44 static DEFINE_RWLOCK(ax25_route_lock);
46 void ax25_rt_device_down(struct net_device *dev)
48 ax25_route *s, *t, *ax25_rt;
50 write_lock_bh(&ax25_route_lock);
51 ax25_rt = ax25_route_list;
52 while (ax25_rt != NULL) {
53 s = ax25_rt;
54 ax25_rt = ax25_rt->next;
56 if (s->dev == dev) {
57 if (ax25_route_list == s) {
58 ax25_route_list = s->next;
59 kfree(s->digipeat);
60 kfree(s);
61 } else {
62 for (t = ax25_route_list; t != NULL; t = t->next) {
63 if (t->next == s) {
64 t->next = s->next;
65 kfree(s->digipeat);
66 kfree(s);
67 break;
73 write_unlock_bh(&ax25_route_lock);
76 static int __must_check ax25_rt_add(struct ax25_routes_struct *route)
78 ax25_route *ax25_rt;
79 ax25_dev *ax25_dev;
80 int i;
82 if ((ax25_dev = ax25_addr_ax25dev(&route->port_addr)) == NULL)
83 return -EINVAL;
84 if (route->digi_count > AX25_MAX_DIGIS)
85 return -EINVAL;
87 write_lock_bh(&ax25_route_lock);
89 ax25_rt = ax25_route_list;
90 while (ax25_rt != NULL) {
91 if (ax25cmp(&ax25_rt->callsign, &route->dest_addr) == 0 &&
92 ax25_rt->dev == ax25_dev->dev) {
93 kfree(ax25_rt->digipeat);
94 ax25_rt->digipeat = NULL;
95 if (route->digi_count != 0) {
96 if ((ax25_rt->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) {
97 write_unlock_bh(&ax25_route_lock);
98 return -ENOMEM;
100 ax25_rt->digipeat->lastrepeat = -1;
101 ax25_rt->digipeat->ndigi = route->digi_count;
102 for (i = 0; i < route->digi_count; i++) {
103 ax25_rt->digipeat->repeated[i] = 0;
104 ax25_rt->digipeat->calls[i] = route->digi_addr[i];
107 write_unlock_bh(&ax25_route_lock);
108 return 0;
110 ax25_rt = ax25_rt->next;
113 if ((ax25_rt = kmalloc(sizeof(ax25_route), GFP_ATOMIC)) == NULL) {
114 write_unlock_bh(&ax25_route_lock);
115 return -ENOMEM;
118 atomic_set(&ax25_rt->refcount, 1);
119 ax25_rt->callsign = route->dest_addr;
120 ax25_rt->dev = ax25_dev->dev;
121 ax25_rt->digipeat = NULL;
122 ax25_rt->ip_mode = ' ';
123 if (route->digi_count != 0) {
124 if ((ax25_rt->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) {
125 write_unlock_bh(&ax25_route_lock);
126 kfree(ax25_rt);
127 return -ENOMEM;
129 ax25_rt->digipeat->lastrepeat = -1;
130 ax25_rt->digipeat->ndigi = route->digi_count;
131 for (i = 0; i < route->digi_count; i++) {
132 ax25_rt->digipeat->repeated[i] = 0;
133 ax25_rt->digipeat->calls[i] = route->digi_addr[i];
136 ax25_rt->next = ax25_route_list;
137 ax25_route_list = ax25_rt;
138 write_unlock_bh(&ax25_route_lock);
140 return 0;
143 void __ax25_put_route(ax25_route *ax25_rt)
145 kfree(ax25_rt->digipeat);
146 kfree(ax25_rt);
149 static int ax25_rt_del(struct ax25_routes_struct *route)
151 ax25_route *s, *t, *ax25_rt;
152 ax25_dev *ax25_dev;
154 if ((ax25_dev = ax25_addr_ax25dev(&route->port_addr)) == NULL)
155 return -EINVAL;
157 write_lock_bh(&ax25_route_lock);
159 ax25_rt = ax25_route_list;
160 while (ax25_rt != NULL) {
161 s = ax25_rt;
162 ax25_rt = ax25_rt->next;
163 if (s->dev == ax25_dev->dev &&
164 ax25cmp(&route->dest_addr, &s->callsign) == 0) {
165 if (ax25_route_list == s) {
166 ax25_route_list = s->next;
167 ax25_put_route(s);
168 } else {
169 for (t = ax25_route_list; t != NULL; t = t->next) {
170 if (t->next == s) {
171 t->next = s->next;
172 ax25_put_route(s);
173 break;
179 write_unlock_bh(&ax25_route_lock);
181 return 0;
184 static int ax25_rt_opt(struct ax25_route_opt_struct *rt_option)
186 ax25_route *ax25_rt;
187 ax25_dev *ax25_dev;
188 int err = 0;
190 if ((ax25_dev = ax25_addr_ax25dev(&rt_option->port_addr)) == NULL)
191 return -EINVAL;
193 write_lock_bh(&ax25_route_lock);
195 ax25_rt = ax25_route_list;
196 while (ax25_rt != NULL) {
197 if (ax25_rt->dev == ax25_dev->dev &&
198 ax25cmp(&rt_option->dest_addr, &ax25_rt->callsign) == 0) {
199 switch (rt_option->cmd) {
200 case AX25_SET_RT_IPMODE:
201 switch (rt_option->arg) {
202 case ' ':
203 case 'D':
204 case 'V':
205 ax25_rt->ip_mode = rt_option->arg;
206 break;
207 default:
208 err = -EINVAL;
209 goto out;
211 break;
212 default:
213 err = -EINVAL;
214 goto out;
217 ax25_rt = ax25_rt->next;
220 out:
221 write_unlock_bh(&ax25_route_lock);
222 return err;
225 int ax25_rt_ioctl(unsigned int cmd, void __user *arg)
227 struct ax25_route_opt_struct rt_option;
228 struct ax25_routes_struct route;
230 switch (cmd) {
231 case SIOCADDRT:
232 if (copy_from_user(&route, arg, sizeof(route)))
233 return -EFAULT;
234 return ax25_rt_add(&route);
236 case SIOCDELRT:
237 if (copy_from_user(&route, arg, sizeof(route)))
238 return -EFAULT;
239 return ax25_rt_del(&route);
241 case SIOCAX25OPTRT:
242 if (copy_from_user(&rt_option, arg, sizeof(rt_option)))
243 return -EFAULT;
244 return ax25_rt_opt(&rt_option);
246 default:
247 return -EINVAL;
251 #ifdef CONFIG_PROC_FS
253 static void *ax25_rt_seq_start(struct seq_file *seq, loff_t *pos)
254 __acquires(ax25_route_lock)
256 struct ax25_route *ax25_rt;
257 int i = 1;
259 read_lock(&ax25_route_lock);
260 if (*pos == 0)
261 return SEQ_START_TOKEN;
263 for (ax25_rt = ax25_route_list; ax25_rt != NULL; ax25_rt = ax25_rt->next) {
264 if (i == *pos)
265 return ax25_rt;
266 ++i;
269 return NULL;
272 static void *ax25_rt_seq_next(struct seq_file *seq, void *v, loff_t *pos)
274 ++*pos;
275 return (v == SEQ_START_TOKEN) ? ax25_route_list :
276 ((struct ax25_route *) v)->next;
279 static void ax25_rt_seq_stop(struct seq_file *seq, void *v)
280 __releases(ax25_route_lock)
282 read_unlock(&ax25_route_lock);
285 static int ax25_rt_seq_show(struct seq_file *seq, void *v)
287 char buf[11];
289 if (v == SEQ_START_TOKEN)
290 seq_puts(seq, "callsign dev mode digipeaters\n");
291 else {
292 struct ax25_route *ax25_rt = v;
293 const char *callsign;
294 int i;
296 if (ax25cmp(&ax25_rt->callsign, &null_ax25_address) == 0)
297 callsign = "default";
298 else
299 callsign = ax2asc(buf, &ax25_rt->callsign);
301 seq_printf(seq, "%-9s %-4s",
302 callsign,
303 ax25_rt->dev ? ax25_rt->dev->name : "???");
305 switch (ax25_rt->ip_mode) {
306 case 'V':
307 seq_puts(seq, " vc");
308 break;
309 case 'D':
310 seq_puts(seq, " dg");
311 break;
312 default:
313 seq_puts(seq, " *");
314 break;
317 if (ax25_rt->digipeat != NULL)
318 for (i = 0; i < ax25_rt->digipeat->ndigi; i++)
319 seq_printf(seq, " %s",
320 ax2asc(buf, &ax25_rt->digipeat->calls[i]));
322 seq_puts(seq, "\n");
324 return 0;
327 static const struct seq_operations ax25_rt_seqops = {
328 .start = ax25_rt_seq_start,
329 .next = ax25_rt_seq_next,
330 .stop = ax25_rt_seq_stop,
331 .show = ax25_rt_seq_show,
334 static int ax25_rt_info_open(struct inode *inode, struct file *file)
336 return seq_open(file, &ax25_rt_seqops);
339 const struct file_operations ax25_route_fops = {
340 .owner = THIS_MODULE,
341 .open = ax25_rt_info_open,
342 .read = seq_read,
343 .llseek = seq_lseek,
344 .release = seq_release,
347 #endif
350 * Find AX.25 route
352 * Only routes with a reference count of zero can be destroyed.
354 ax25_route *ax25_get_route(ax25_address *addr, struct net_device *dev)
356 ax25_route *ax25_spe_rt = NULL;
357 ax25_route *ax25_def_rt = NULL;
358 ax25_route *ax25_rt;
360 read_lock(&ax25_route_lock);
362 * Bind to the physical interface we heard them on, or the default
363 * route if none is found;
365 for (ax25_rt = ax25_route_list; ax25_rt != NULL; ax25_rt = ax25_rt->next) {
366 if (dev == NULL) {
367 if (ax25cmp(&ax25_rt->callsign, addr) == 0 && ax25_rt->dev != NULL)
368 ax25_spe_rt = ax25_rt;
369 if (ax25cmp(&ax25_rt->callsign, &null_ax25_address) == 0 && ax25_rt->dev != NULL)
370 ax25_def_rt = ax25_rt;
371 } else {
372 if (ax25cmp(&ax25_rt->callsign, addr) == 0 && ax25_rt->dev == dev)
373 ax25_spe_rt = ax25_rt;
374 if (ax25cmp(&ax25_rt->callsign, &null_ax25_address) == 0 && ax25_rt->dev == dev)
375 ax25_def_rt = ax25_rt;
379 ax25_rt = ax25_def_rt;
380 if (ax25_spe_rt != NULL)
381 ax25_rt = ax25_spe_rt;
383 if (ax25_rt != NULL)
384 ax25_hold_route(ax25_rt);
386 read_unlock(&ax25_route_lock);
388 return ax25_rt;
392 * Adjust path: If you specify a default route and want to connect
393 * a target on the digipeater path but w/o having a special route
394 * set before, the path has to be truncated from your target on.
396 static inline void ax25_adjust_path(ax25_address *addr, ax25_digi *digipeat)
398 int k;
400 for (k = 0; k < digipeat->ndigi; k++) {
401 if (ax25cmp(addr, &digipeat->calls[k]) == 0)
402 break;
405 digipeat->ndigi = k;
410 * Find which interface to use.
412 int ax25_rt_autobind(ax25_cb *ax25, ax25_address *addr)
414 ax25_uid_assoc *user;
415 ax25_route *ax25_rt;
416 int err = 0;
418 if ((ax25_rt = ax25_get_route(addr, NULL)) == NULL)
419 return -EHOSTUNREACH;
421 if ((ax25->ax25_dev = ax25_dev_ax25dev(ax25_rt->dev)) == NULL) {
422 err = -EHOSTUNREACH;
423 goto put;
426 user = ax25_findbyuid(current_euid());
427 if (user) {
428 ax25->source_addr = user->call;
429 ax25_uid_put(user);
430 } else {
431 if (ax25_uid_policy && !capable(CAP_NET_BIND_SERVICE)) {
432 err = -EPERM;
433 goto put;
435 ax25->source_addr = *(ax25_address *)ax25->ax25_dev->dev->dev_addr;
438 if (ax25_rt->digipeat != NULL) {
439 ax25->digipeat = kmemdup(ax25_rt->digipeat, sizeof(ax25_digi),
440 GFP_ATOMIC);
441 if (ax25->digipeat == NULL) {
442 err = -ENOMEM;
443 goto put;
445 ax25_adjust_path(addr, ax25->digipeat);
448 if (ax25->sk != NULL) {
449 bh_lock_sock(ax25->sk);
450 sock_reset_flag(ax25->sk, SOCK_ZAPPED);
451 bh_unlock_sock(ax25->sk);
454 put:
455 ax25_put_route(ax25_rt);
457 return err;
460 struct sk_buff *ax25_rt_build_path(struct sk_buff *skb, ax25_address *src,
461 ax25_address *dest, ax25_digi *digi)
463 struct sk_buff *skbn;
464 unsigned char *bp;
465 int len;
467 len = digi->ndigi * AX25_ADDR_LEN;
469 if (skb_headroom(skb) < len) {
470 if ((skbn = skb_realloc_headroom(skb, len)) == NULL) {
471 printk(KERN_CRIT "AX.25: ax25_dg_build_path - out of memory\n");
472 return NULL;
475 if (skb->sk != NULL)
476 skb_set_owner_w(skbn, skb->sk);
478 kfree_skb(skb);
480 skb = skbn;
483 bp = skb_push(skb, len);
485 ax25_addr_build(bp, src, dest, digi, AX25_COMMAND, AX25_MODULUS);
487 return skb;
491 * Free all memory associated with routing structures.
493 void __exit ax25_rt_free(void)
495 ax25_route *s, *ax25_rt = ax25_route_list;
497 write_lock_bh(&ax25_route_lock);
498 while (ax25_rt != NULL) {
499 s = ax25_rt;
500 ax25_rt = ax25_rt->next;
502 kfree(s->digipeat);
503 kfree(s);
505 write_unlock_bh(&ax25_route_lock);