lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Tue, 18 Sep 2018 17:48:40 +0800
From:   Hangbin Liu <liuhangbin@...il.com>
To:     netdev@...r.kernel.org
Cc:     Stephen Hemminger <stephen@...workplumber.org>,
        David Ahern <dsahern@...il.com>, Phil Sutter <phil@....cc>,
        Serhey Popovych <serhe.popovych@...il.com>,
        Hangbin Liu <liuhangbin@...il.com>
Subject: [PATCH iproute2] iplink: fix incorrect any address handling for ip tunnels

After commit d42c7891d26e4 ("utils: Do not reset family for default, any,
all addresses"), when call get_addr() for any/all addresses, we will set
addr->flags to ADDRTYPE_INET_UNSPEC if family is AF_INET/AF_INET6, which
makes is_addrtype_inet() checking passed and assigns incorrect address
to kernel. The ip link cmd will return error like:

]# ip link add ipip1 type ipip local any remote 1.1.1.1
RTNETLINK answers: Numerical result out of range

Fix it by using is_addrtype_inet_not_unspec() to avoid unspec addresses.

geneve, vxlan are not affected as they use AF_UNSPEC family when call
get_addr()

Reported-by: Jianlin Shi <jishi@...hat.com>
Fixes: d42c7891d26e4 ("utils: Do not reset family for default, any, all addresses")
Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
---
 ip/link_gre.c    | 4 ++--
 ip/link_gre6.c   | 4 ++--
 ip/link_ip6tnl.c | 4 ++--
 ip/link_iptnl.c  | 4 ++--
 ip/link_vti.c    | 4 ++--
 ip/link_vti6.c   | 4 ++--
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/ip/link_gre.c b/ip/link_gre.c
index ede761b..1ee7ee1 100644
--- a/ip/link_gre.c
+++ b/ip/link_gre.c
@@ -395,9 +395,9 @@ get_failed:
 	addattr32(n, 1024, IFLA_GRE_OKEY, okey);
 	addattr_l(n, 1024, IFLA_GRE_IFLAGS, &iflags, 2);
 	addattr_l(n, 1024, IFLA_GRE_OFLAGS, &oflags, 2);
-	if (is_addrtype_inet(&saddr))
+	if (is_addrtype_inet_not_unspec(&saddr))
 		addattr_l(n, 1024, IFLA_GRE_LOCAL, saddr.data, saddr.bytelen);
-	if (is_addrtype_inet(&daddr))
+	if (is_addrtype_inet_not_unspec(&daddr))
 		addattr_l(n, 1024, IFLA_GRE_REMOTE, daddr.data, daddr.bytelen);
 	addattr_l(n, 1024, IFLA_GRE_PMTUDISC, &pmtudisc, 1);
 	if (ignore_df)
diff --git a/ip/link_gre6.c b/ip/link_gre6.c
index 181b2ea..20f9305 100644
--- a/ip/link_gre6.c
+++ b/ip/link_gre6.c
@@ -424,9 +424,9 @@ get_failed:
 	addattr32(n, 1024, IFLA_GRE_OKEY, okey);
 	addattr_l(n, 1024, IFLA_GRE_IFLAGS, &iflags, 2);
 	addattr_l(n, 1024, IFLA_GRE_OFLAGS, &oflags, 2);
-	if (is_addrtype_inet(&saddr))
+	if (is_addrtype_inet_not_unspec(&saddr))
 		addattr_l(n, 1024, IFLA_GRE_LOCAL, saddr.data, saddr.bytelen);
-	if (is_addrtype_inet(&daddr))
+	if (is_addrtype_inet_not_unspec(&daddr))
 		addattr_l(n, 1024, IFLA_GRE_REMOTE, daddr.data, daddr.bytelen);
 	if (link)
 		addattr32(n, 1024, IFLA_GRE_LINK, link);
diff --git a/ip/link_ip6tnl.c b/ip/link_ip6tnl.c
index c7fef2e..cfe2c5a 100644
--- a/ip/link_ip6tnl.c
+++ b/ip/link_ip6tnl.c
@@ -320,11 +320,11 @@ get_failed:
 		return 0;
 	}
 
-	if (is_addrtype_inet(&saddr)) {
+	if (is_addrtype_inet_not_unspec(&saddr)) {
 		addattr_l(n, 1024, IFLA_IPTUN_LOCAL,
 			  saddr.data, saddr.bytelen);
 	}
-	if (is_addrtype_inet(&daddr)) {
+	if (is_addrtype_inet_not_unspec(&daddr)) {
 		addattr_l(n, 1024, IFLA_IPTUN_REMOTE,
 			  daddr.data, daddr.bytelen);
 	}
diff --git a/ip/link_iptnl.c b/ip/link_iptnl.c
index 57f4d0c..7ec1594 100644
--- a/ip/link_iptnl.c
+++ b/ip/link_iptnl.c
@@ -325,11 +325,11 @@ get_failed:
 		return 0;
 	}
 
-	if (is_addrtype_inet(&saddr)) {
+	if (is_addrtype_inet_not_unspec(&saddr)) {
 		addattr_l(n, 1024, IFLA_IPTUN_LOCAL,
 			  saddr.data, saddr.bytelen);
 	}
-	if (is_addrtype_inet(&daddr)) {
+	if (is_addrtype_inet_not_unspec(&daddr)) {
 		addattr_l(n, 1024, IFLA_IPTUN_REMOTE,
 			  daddr.data, daddr.bytelen);
 	}
diff --git a/ip/link_vti.c b/ip/link_vti.c
index 6196a1c..3fff441 100644
--- a/ip/link_vti.c
+++ b/ip/link_vti.c
@@ -157,9 +157,9 @@ get_failed:
 
 	addattr32(n, 1024, IFLA_VTI_IKEY, ikey);
 	addattr32(n, 1024, IFLA_VTI_OKEY, okey);
-	if (is_addrtype_inet(&saddr))
+	if (is_addrtype_inet_not_unspec(&saddr))
 		addattr_l(n, 1024, IFLA_VTI_LOCAL, saddr.data, saddr.bytelen);
-	if (is_addrtype_inet(&daddr))
+	if (is_addrtype_inet_not_unspec(&daddr))
 		addattr_l(n, 1024, IFLA_VTI_REMOTE, daddr.data, daddr.bytelen);
 	addattr32(n, 1024, IFLA_VTI_FWMARK, fwmark);
 	if (link)
diff --git a/ip/link_vti6.c b/ip/link_vti6.c
index 4263615..f5a267a 100644
--- a/ip/link_vti6.c
+++ b/ip/link_vti6.c
@@ -159,9 +159,9 @@ get_failed:
 
 	addattr32(n, 1024, IFLA_VTI_IKEY, ikey);
 	addattr32(n, 1024, IFLA_VTI_OKEY, okey);
-	if (is_addrtype_inet(&saddr))
+	if (is_addrtype_inet_not_unspec(&saddr))
 		addattr_l(n, 1024, IFLA_VTI_LOCAL, saddr.data, saddr.bytelen);
-	if (is_addrtype_inet(&daddr))
+	if (is_addrtype_inet_not_unspec(&daddr))
 		addattr_l(n, 1024, IFLA_VTI_REMOTE, daddr.data, daddr.bytelen);
 	addattr32(n, 1024, IFLA_VTI_FWMARK, fwmark);
 	if (link)
-- 
2.5.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ