lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 24 Jan 2021 17:36:58 +0000
From:   Luca Boccassi <bluca@...ian.org>
To:     netdev@...r.kernel.org
Cc:     stephen@...workplumber.org, dsahern@...il.com
Subject: [PATCH iproute2 v2] iproute: force rtm_dst_len to 32/128

Since NETLINK_GET_STRICT_CHK was enabled, the kernel rejects commands
that pass a prefix length, eg:

 ip route get `1.0.0.0/1
  Error: ipv4: Invalid values in header for route get request.
 ip route get 0.0.0.0/0
  Error: ipv4: rtm_src_len and rtm_dst_len must be 32 for IPv4

Since there's no point in setting a rtm_dst_len that we know is going
to be rejected, just force it to the right value if it's passed on
the command line. Print a warning to stderr to notify users.

Bug-Debian: https://bugs.debian.org/944730
Reported-By: Clément 'wxcafé' Hertling <wxcafe@...afe.net>
Signed-off-by: Luca Boccassi <bluca@...ian.org>
---
v2: added a warning

 ip/iproute.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/ip/iproute.c b/ip/iproute.c
index ebb5f160..8d4d2ff8 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -2069,7 +2069,18 @@ static int iproute_get(int argc, char **argv)
 			if (addr.bytelen)
 				addattr_l(&req.n, sizeof(req),
 					  RTA_DST, &addr.data, addr.bytelen);
-			req.r.rtm_dst_len = addr.bitlen;
+			if (req.r.rtm_family == AF_INET && addr.bitlen != 32) {
+				fprintf(stderr,
+					"Warning: /%u as prefix is invalid, only /32 (or none) is supported.\n",
+					addr.bitlen);
+				req.r.rtm_dst_len = 32;
+			} else if (req.r.rtm_family == AF_INET6 && addr.bitlen != 128) {
+				fprintf(stderr,
+					"Warning: /%u as prefix is invalid, only /128 (or none) is supported.\n",
+					addr.bitlen);
+				req.r.rtm_dst_len = 128;
+			} else
+				req.r.rtm_dst_len = addr.bitlen;
 			address_found = true;
 		}
 		argc--; argv++;
-- 
2.29.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ