lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 5 Jul 2016 00:24:42 +0300 (EEST)
From:	Julian Anastasov <ja@....bg>
To:	Vegard Nossum <vegard.nossum@...cle.com>
cc:	Andy Gospodarek <gospo@...ulusnetworks.com>, davem@...emloft.net,
	netdev@...r.kernel.org, Dinesh Dutt <ddutt@...ulusnetworks.com>,
	Scott Feldman <sfeldma@...il.com>
Subject: Re: [PATCH] net: check for NULL net_device in FIB tables


	Hello,

On Mon, 4 Jul 2016, Vegard Nossum wrote:

> Alright.
> 
> Thanks for the review! I can submit a new patch to only check the one
> place above that actually crashed. Otherwise, if you think it's better
> to go with your fc_flags suggestion, feel free to send a patch for that.
> As you can tell, I am not very familiar with this code :-) If you do
> send a patch, I can test it easily.

	Of course, here is untested version. May be I'll do some
testing this weekend and will submit with proper commit
message...

[PATCH RFC] ipv4: reject RTNH_F_LINKDOWN for incompatible routes

The RTNH_F_LINKDOWN flag is used only for link routes.
Reject it for error routes and local routes.

Signed-off-by: Julian Anastasov <ja@....bg>
---
 net/ipv4/fib_semantics.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 2b68418..1f10c20 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -1113,7 +1113,8 @@ struct fib_info *fib_create_info(struct fib_config *cfg)
 	}
 
 	if (fib_props[cfg->fc_type].error) {
-		if (cfg->fc_gw || cfg->fc_oif || cfg->fc_mp)
+		if (cfg->fc_gw || cfg->fc_oif || cfg->fc_mp ||
+		    (fi->fib_nh->nh_flags & RTNH_F_LINKDOWN))
 			goto err_inval;
 		goto link_it;
 	} else {
@@ -1136,7 +1137,7 @@ struct fib_info *fib_create_info(struct fib_config *cfg)
 		struct fib_nh *nh = fi->fib_nh;
 
 		/* Local address is added. */
-		if (nhs != 1 || nh->nh_gw)
+		if (nhs != 1 || nh->nh_gw || (nh->nh_flags & RTNH_F_LINKDOWN))
 			goto err_inval;
 		nh->nh_scope = RT_SCOPE_NOWHERE;
 		nh->nh_dev = dev_get_by_index(net, fi->fib_nh->nh_oif);
-- 
1.9.3

Regards

--
Julian Anastasov <ja@....bg>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ