fix buffer overflow in interface data handling

[project/netifd.git] / interface.c

diff --git a/interface.c b/interface.c
index 9301628..78dcd83 100644 (file)
--- a/interface.c
+++ b/interface.c
@@ -1,3 +1,16 @@
+/*
+ * netifd - network interface daemon
+ * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
 #include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
@@ -12,6 +25,7 @@
 #include "system.h"
 
 struct vlist_tree interfaces;
+static LIST_HEAD(iface_all_users);
 
 enum {
        IFACE_ATTR_IFNAME,
@@ -104,7 +118,7 @@ interface_add_data(struct interface *iface, const struct blob_attr *data)
        if (!blobmsg_check_attr(data, true))
                return UBUS_STATUS_INVALID_ARGUMENT;
 
-       n = calloc(1, sizeof(*data) + blob_pad_len(data));
+       n = calloc(1, sizeof(*n) + blob_pad_len(data));
        memcpy(n->data, data, blob_pad_len(data));
        n->node.key = blobmsg_name(data);
 
@@ -122,9 +136,10 @@ interface_event(struct interface *iface, enum interface_event ev)
        struct interface_user *dep, *tmp;
 
        list_for_each_entry_safe(dep, tmp, &iface->users, list)
-               dep->cb(dep, IFEV_UP);
+               dep->cb(dep, iface, ev);
 
-       interface_queue_event(iface, ev);
+       list_for_each_entry_safe(dep, tmp, &iface_all_users, list)
+               dep->cb(dep, iface, ev);
 }
 
 static void
@@ -206,10 +221,15 @@ interface_set_available(struct interface *iface, bool new_state)
 void
 interface_add_user(struct interface_user *dep, struct interface *iface)
 {
+       if (!iface) {
+               list_add(&dep->list, &iface_all_users);
+               return;
+       }
+
        dep->iface = iface;
        list_add(&dep->list, &iface->users);
        if (iface->state == IFS_UP)
-               dep->cb(dep, IFEV_UP);
+               dep->cb(dep, iface, IFEV_UP);
 }
 
 void
@@ -243,7 +263,6 @@ interface_cleanup(struct interface *iface, bool reload)
        list_for_each_entry_safe(dep, tmp, &iface->users, list)
                interface_remove_user(dep);
 
-       interface_dequeue_event(iface);
        interface_ip_flush(&iface->config_ip);
        interface_flush_state(iface);
        interface_clear_errors(iface);
@@ -256,6 +275,7 @@ interface_cleanup(struct interface *iface, bool reload)
 static void
 interface_do_free(struct interface *iface)
 {
+       interface_event(iface, IFEV_FREE);
        interface_cleanup(iface, false);
        free(iface->config);
        netifd_ubus_remove_interface(iface);
@@ -266,6 +286,7 @@ interface_do_free(struct interface *iface)
 static void
 interface_do_reload(struct interface *iface)
 {
+       interface_event(iface, IFEV_RELOAD);
        interface_cleanup(iface, true);
        proto_init_interface(iface, iface->config);
        interface_claim_device(iface);