lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 04 Jun 2008 10:27:45 +0800
From:	Shan Wei <shanwei@...fujitsu.com>
To:	Brian Haley <Brian.Haley@...com>
CC:	YOSHIFUJI Hideaki / 吉藤英明 
	<yoshfuji@...ux-ipv6.org>, davem@...emloft.net,
	netdev@...r.kernel.org
Subject: Re: [GIT PULL net-2.6] IPv6 fixes.

Brian Haley 写道:
> YOSHIFUJI Hideaki / 吉藤英明 wrote:
>> Please consider pulling following fixes on top of net-2.6 tree
>> available at
>>     git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-fix.git
>> net-2.6-misc-20080604b
>>
> ...
>> commit c878bc2da63acd3b80ba4cf428702f6e98c55b3c
>> Author: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
>> Date:   Mon Jun 2 18:45:23 2008 +0900
>>
>>     [IPv6]: Check outgoing interface even if source address is
>> unspecified.
>>         The outgoing interface index (ipi6_ifindex) in IPV6_PKTINFO
>>     ancillary data, is not checked if the source address (ipi6_addr)
>>     is unspecified.  If the ipi6_ifindex is the not-exist interface,
>>     it should be fail and the errno should be set ENODEV.
>>         Based on patch from Shan Wei <shanwei@...fujitsu.com>.
>>         Signed-off-by: Shan Wei <shanwei@...fujitsu.com>
>>     Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
>>
>> diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
>> index 94fa6ae..76d4ab4 100644
>> --- a/net/ipv6/datagram.c
>> +++ b/net/ipv6/datagram.c
>> @@ -535,27 +535,29 @@ int datagram_send_ctl(struct msghdr *msg, struct
>> flowi *fl,
>>                  fl->oif = src_info->ipi6_ifindex;
>>              }
>>  
>> -            addr_type = ipv6_addr_type(&src_info->ipi6_addr);
>> +            if (fl->oif) {
>> +                dev = dev_get_by_index(&init_net, fl->oif);
>> +                if (!dev)
>> +                    return -ENODEV;
>> +            }
>>  
>> -            if (addr_type == IPV6_ADDR_ANY)
>> +            addr_type = ipv6_addr_type(&src_info->ipi6_addr);
>> +            if (addr_type == IPV6_ADDR_ANY) {
>> +                if (dev)
>> +                    dev_put(dev);
>>                  break;
>> -
>> -            if (addr_type & IPV6_ADDR_LINKLOCAL) {
>> -                if (!src_info->ipi6_ifindex)
>> -                    return -EINVAL;
>> -                else {
>> -                    dev = dev_get_by_index(&init_net,
>> src_info->ipi6_ifindex);
>> -                    if (!dev)
>> -                        return -ENODEV;
>> -                }
>>              }
>> -            if (!ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
>> +
>> +            if (((addr_type & IPV6_ADDR_LINKLOCAL) &&
>> +                 !src_info->ipi6_ifindex) ||
>> +                !ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
> 
> I think this !src_info->ipi6_ifindex here should be !fl->oif - that will
> have been assigned correctly if it was zero and src_info->ipi6_ifindex
> was passed-in, and is what we used to do the device lookup.

the attached patch fix it.


Signed-off-by: Shan Wei<shanwei@...fujitsu.com>
---
 net/ipv6/datagram.c |   30 +++++++++++++++++-------------
 1 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 94fa6ae..f3c7529 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -508,8 +508,6 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
 	int err = 0;
 
 	for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
-		int addr_type;
-		struct net_device *dev = NULL;
 
 		if (!CMSG_OK(msg, cmsg)) {
 			err = -EINVAL;
@@ -522,6 +520,10 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
 		switch (cmsg->cmsg_type) {
 		case IPV6_PKTINFO:
 		case IPV6_2292PKTINFO:
+		     {
+			int addr_type;
+			struct net_device *dev = NULL;
+
 			if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) {
 				err = -EINVAL;
 				goto exit_f;
@@ -534,22 +536,23 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
 					return -EINVAL;
 				fl->oif = src_info->ipi6_ifindex;
 			}
+			
+			if (fl->oif) {
+				dev = dev_get_by_index(&init_net, fl->oif);
+				if (!dev)
+					return -ENODEV;
+			}
 
 			addr_type = ipv6_addr_type(&src_info->ipi6_addr);
 
-			if (addr_type == IPV6_ADDR_ANY)
+			if (addr_type == IPV6_ADDR_ANY) {
+				if (dev)
+					dev_put(dev);
 				break;
-
-			if (addr_type & IPV6_ADDR_LINKLOCAL) {
-				if (!src_info->ipi6_ifindex)
-					return -EINVAL;
-				else {
-					dev = dev_get_by_index(&init_net, src_info->ipi6_ifindex);
-					if (!dev)
-						return -ENODEV;
-				}
 			}
-			if (!ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
+		
+			if (((addr_type & IPV6_ADDR_LINKLOCAL) && !dev) ||
+			    !ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
 					   dev, 0)) {
 				if (dev)
 					dev_put(dev);
@@ -561,6 +564,7 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
 
 			ipv6_addr_copy(&fl->fl6_src, &src_info->ipi6_addr);
 			break;
+		    }
 
 		case IPV6_FLOWINFO:
 			if (cmsg->cmsg_len < CMSG_LEN(4)) {
-- 
1.5.4.4


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists