Message-ID: <20131113182133.GA8760@amd64.fatal.se>
Date:	Wed, 13 Nov 2013 19:21:33 +0100
From:	Andreas Henriksson <andreas@...al.se>
To:	netdev@...r.kernel.org
Subject: [PATCH RFC] net: error on trying to add a duplicate ipip tunnel

After patch:
$ sudo ip tunnel add test1 mode ipip remote 1.2.3.4
$ sudo ip tunnel add test2 mode ipip remote 1.2.3.4
add tunnel "tunl0" failed: File exists

Before the patch, there would be no error and
"test2" (silently) not added.

Originally reported at http://bugs.debian.org/508450

The originally reported problem with sit tunnel seems
to have been resolved since then:
$ sudo ip tun add test3 mode sit
add tunnel "sit0" failed: No buffer space available

The problem still exists for (at least) ipip tunnels though.

Reported-by: martin f krafft <madduck@...ian.org>
Signed-off-by: Andreas Henriksson <andreas@...al.se>
---
 net/ipv4/ip_tunnel.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)


Maybe also sit tunnels should explicitly
use EEXISTS instead of ENOBUFS?
Maybe ipip tunnel code should be refactored
to be similar to sit tunnel addition code?
Which other tunnel types should be checked
for how they behave in similar situations?
Other comments?


diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 63a6d6d..1dc4e41 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -732,8 +732,14 @@ int ip_tunnel_ioctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd)
 
 		t = ip_tunnel_find(itn, p, itn->fb_tunnel_dev->type);
 
-		if (!t && (cmd == SIOCADDTUNNEL))
-			t = ip_tunnel_create(net, itn, p);
+		if (cmd == SIOCADDTUNNEL) {
+			if (!t) {
+				t = ip_tunnel_create(net, itn, p);
+			} else {
+				err = -EEXIST;
+				break;
+			}
+		}
 
 		if (dev != itn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
 			if (t != NULL) {
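Review bot: the new `if (cmd == SIOCADDTUNNEL)` block nests an else branch whose only job is to bail out; testing for the existing tunnel first (`if (t) { err = -EEXIST; break; }`) and then calling `ip_tunnel_create(net, itn, p)` unconditionally reads flatter and matches the usual early-exit style. The change sits in `ip_tunnel_ioctl()` in net/ipv4/ip_tunnel.c and the lookup is keyed on `itn->fb_tunnel_dev->type`, so as far as this hunk shows the new -EEXIST return is not limited to ipip as the subject line says. The commit message should state which tunnel types are affected, and that a duplicate SIOCADDTUNNEL which previously returned without error now fails, since that is a behaviour change visible to user space.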
-- 
1.8.4.3