Date: Wed, 04 Jun 2008 10:27:45 +0800
From: Shan Wei <shanwei@...fujitsu.com>
To: Brian Haley <Brian.Haley@...com>
CC: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@...ux-ipv6.org>, davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [GIT PULL net-2.6] IPv6 fixes.
Brian Haley 写道:
> YOSHIFUJI Hideaki / 吉藤英明 wrote:
>> Please consider pulling following fixes on top of net-2.6 tree
>> available at
>> git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-fix.git
>> net-2.6-misc-20080604b
>>
> ...
>> commit c878bc2da63acd3b80ba4cf428702f6e98c55b3c
>> Author: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
>> Date: Mon Jun 2 18:45:23 2008 +0900
>>
>> [IPv6]: Check outgoing interface even if source address is
>> unspecified.
>> The outgoing interface index (ipi6_ifindex) in IPV6_PKTINFO
>> ancillary data, is not checked if the source address (ipi6_addr)
>> is unspecified. If the ipi6_ifindex is the not-exist interface,
>> it should be fail and the errno should be set ENODEV.
>> Based on patch from Shan Wei <shanwei@...fujitsu.com>.
>> Signed-off-by: Shan Wei <shanwei@...fujitsu.com>
>> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
>>
>> diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
>> index 94fa6ae..76d4ab4 100644
>> --- a/net/ipv6/datagram.c
>> +++ b/net/ipv6/datagram.c
>> @@ -535,27 +535,29 @@ int datagram_send_ctl(struct msghdr *msg, struct
>> flowi *fl,
>> fl->oif = src_info->ipi6_ifindex;
>> }
>>
>> - addr_type = ipv6_addr_type(&src_info->ipi6_addr);
>> + if (fl->oif) {
>> + dev = dev_get_by_index(&init_net, fl->oif);
>> + if (!dev)
>> + return -ENODEV;
>> + }
>>
>> - if (addr_type == IPV6_ADDR_ANY)
>> + addr_type = ipv6_addr_type(&src_info->ipi6_addr);
>> + if (addr_type == IPV6_ADDR_ANY) {
>> + if (dev)
>> + dev_put(dev);
>> break;
>> -
>> - if (addr_type & IPV6_ADDR_LINKLOCAL) {
>> - if (!src_info->ipi6_ifindex)
>> - return -EINVAL;
>> - else {
>> - dev = dev_get_by_index(&init_net,
>> src_info->ipi6_ifindex);
>> - if (!dev)
>> - return -ENODEV;
>> - }
>> }
>> - if (!ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
>> +
>> + if (((addr_type & IPV6_ADDR_LINKLOCAL) &&
>> + !src_info->ipi6_ifindex) ||
>> + !ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
>
> I think this !src_info->ipi6_ifindex here should be !fl->oif - that will
> have been assigned correctly if it was zero and src_info->ipi6_ifindex
> was passed-in, and is what we used to do the device lookup.
the attached patch fix it.
Signed-off-by: Shan Wei<shanwei@...fujitsu.com>
---
 net/ipv6/datagram.c | 30 +++++++++++++++++-------------
 1 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 94fa6ae..f3c7529 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -508,8 +508,6 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
 int err = 0;
 for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
- int addr_type;
- struct net_device *dev = NULL;
 if (!CMSG_OK(msg, cmsg)) {
 err = -EINVAL;
@@ -522,6 +520,10 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
 switch (cmsg->cmsg_type) {
 case IPV6_PKTINFO:
 case IPV6_2292PKTINFO:
+ {
+ int addr_type;
+ struct net_device *dev = NULL;
+
 if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) {
 err = -EINVAL;
 goto exit_f;
@@ -534,22 +536,23 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
 return -EINVAL;
 fl->oif = src_info->ipi6_ifindex;
 }
+
+ if (fl->oif) {
+ dev = dev_get_by_index(&init_net, fl->oif);
+ if (!dev)
+ return -ENODEV;
+ }
 addr_type = ipv6_addr_type(&src_info->ipi6_addr);
- if (addr_type == IPV6_ADDR_ANY)
+ if (addr_type == IPV6_ADDR_ANY) {
+ if (dev)
+ dev_put(dev);
 break;
-
- if (addr_type & IPV6_ADDR_LINKLOCAL) {
- if (!src_info->ipi6_ifindex)
- return -EINVAL;
- else {
- dev = dev_get_by_index(&init_net, src_info->ipi6_ifindex);
- if (!dev)
- return -ENODEV;
- }
 }
- if (!ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
+
+ if (((addr_type & IPV6_ADDR_LINKLOCAL) && !dev) ||
+ !ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
 dev, 0)) {
 if (dev)
 dev_put(dev);
@@ -561,6 +564,7 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
 ipv6_addr_copy(&fl->fl6_src, &src_info->ipi6_addr);
 break;
+ }
 case IPV6_FLOWINFO:
 if (cmsg->cmsg_len < CMSG_LEN(4)) {
--
1.5.4.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
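Review bot: The reference taken by `dev_get_by_index()` in the @@ -534 hunk is now dropped at three separate `if (dev) dev_put(dev);` sites: the `IPV6_ADDR_ANY` break, the `-EINVAL` path and the success path. Because the lookup now runs for every PKTINFO control message with a non-zero `fl->oif`, and the interface index appears to come from caller-supplied ancillary data, any exit added later that misses a put would leave a net_device reference pinned. Folding the address check into one condition and releasing the reference once makes the balance easy to audit. The added `return -ENODEV;` also bypasses the `err = ...; goto exit_f;` convention used by the neighbouring failure paths and runs after `fl->oif` has already been overwritten. The sketch below relies on `err` still being 0 at this point, which holds for the paths visible here, and datagram_send_ctl starts and ends outside the hunk, so what `exit_f` does beyond returning `err` is not shown.

```c
			if (fl->oif) {
				dev = dev_get_by_index(&init_net, fl->oif);
				if (!dev) {
					err = -ENODEV;
					goto exit_f;
				}
			}

			addr_type = ipv6_addr_type(&src_info->ipi6_addr);
			if (addr_type != IPV6_ADDR_ANY &&
			    (((addr_type & IPV6_ADDR_LINKLOCAL) && !dev) ||
			     !ipv6_chk_addr(&init_net, &src_info->ipi6_addr, dev, 0)))
				err = -EINVAL;

			/* single release point for the reference taken above */
			if (dev)
				dev_put(dev);
			if (err)
				goto exit_f;
			if (addr_type == IPV6_ADDR_ANY)
				break;
			/* ... unchanged: ipv6_addr_copy() into fl->fl6_src, then break ... */
```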