Date: Sat, 30 May 2020 21:48:39 -0700 From: Roopa Prabhu <roopa@...ulusnetworks.com> To: davem@...emloft.net, kuba@...nel.org Cc: netdev@...r.kernel.org, dsahern@...il.com, nikolay@...ulusnetworks.com, jiri@...lanox.com, idosch@...lanox.com, petrm@...lanox.com Subject: [PATCH net-next v2 1/3] vxlan: add check to prevent use of remote ip attributes with NDA_NH_ID From: Roopa Prabhu <roopa@...ulusnetworks.com> NDA_NH_ID represents a remote ip or a group of remote ips. It allows use of nexthop groups in lieu of a remote ip or a list of remote ips supported by the fdb api. Current code ignores the other remote ip attrs when NDA_NH_ID is specified. In the spirit of strict checking, This commit adds a check to explicitly return an error on incorrect usage. Fixes: 1274e1cc4226 ("vxlan: ecmp support for mac fdb entries") Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com> --- drivers/net/vxlan.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index a0015cd..fe606c6 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -1196,6 +1196,10 @@ static int vxlan_fdb_parse(struct nlattr *tb[], struct vxlan_dev *vxlan, struct net *net = dev_net(vxlan->dev); int err; + if (tb[NDA_NH_ID] && (tb[NDA_DST] || tb[NDA_VNI] || tb[NDA_IFINDEX] || + tb[NDA_PORT])) + return -EINVAL; + if (tb[NDA_DST]) { err = vxlan_nla_get_addr(ip, tb[NDA_DST]); if (err) -- 2.1.4
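Review bot: The new check at the top of vxlan_fdb_parse() returns a bare -EINVAL, so a caller that passes NDA_NH_ID together with NDA_DST, NDA_VNI, NDA_IFINDEX or NDA_PORT gets no indication of which combination was rejected. The part of the signature visible in the hunk header (tb, vxlan, ...) does not show whether a netlink extack is available in this function; if one can be passed in, set an error message on it before returning, and otherwise add a short comment above the condition stating that NDA_NH_ID is mutually exclusive with these four attributes. The subject and commit message speak of "remote ip attributes", while the condition also rejects VNI, ifindex and port, so the message would be more accurate if it listed the attributes that are now refused.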