netdev - [PATCH net-next RFC v1 11/27] afnetns: validate afnetns in inet_allow

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-Id: <20170312230151.5185-12-hannes@stressinduktion.org>
Date:   Mon, 13 Mar 2017 00:01:35 +0100
From:   Hannes Frederic Sowa <hannes@...essinduktion.org>
To:     netdev@...r.kernel.org
Subject: [PATCH net-next RFC v1 11/27] afnetns: validate afnetns in inet_allow_bind

Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
---
 net/ipv4/af_inet.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index aee599e23137e7..5f11399bafd16f 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -453,6 +453,17 @@ int inet_allow_bind(struct sock *sk, __be32 addr)
 	    chk_addr_ret != RTN_BROADCAST)
 		return -EADDRNOTAVAIL;
 
+	if (chk_addr_ret == RTN_LOCAL &&
+	    net_afnetns(net) != sock_afnetns(sk)) {
+		struct afnetns *afnetns;
+
+		rcu_read_lock();
+		afnetns = ifa_find_afnetns_rcu(net, addr);
+		if (afnetns != sock_afnetns(sk))
+			chk_addr_ret = -EADDRNOTAVAIL;
+		rcu_read_unlock();
+	}
+
 	return chk_addr_ret;
 }
 EXPORT_SYMBOL(inet_allow_bind);
-- 
2.9.3