| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <468b1a92-7613-e89e-d89d-48c0aa48e71c@6wind.com>
Date: Fri, 31 Dec 2021 16:30:03 +0100
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: David Ahern <dsahern@...nel.org>, netdev@...r.kernel.org
Cc: idosch@...sch.org
Subject: Re: [PATCH net 3/5] ipv6: Check attribute length for RTA_GATEWAY in
multipath route
Le 31/12/2021 à 01:36, David Ahern a écrit :
> Commit referenced in the Fixes tag used nla_memcpy for RTA_GATEWAY as
> does the current nla_get_in6_addr. nla_memcpy protects against accessing
> memory greater than what is in the attribute, but there is no check
> requiring the attribute to have an IPv6 address. Add it.
>
> Fixes: 51ebd3181572 ("ipv6: add support of equal cost multipath (ECMP)")
> Signed-off-by: David Ahern <dsahern@...nel.org>
> Cc: Nicolas Dichtel <nicolas.dichtel@...nd.com>
> ---
> net/ipv6/route.c | 21 ++++++++++++++++++++-
> 1 file changed, 20 insertions(+), 1 deletion(-)
>
[snip]
> @@ -5264,7 +5277,13 @@ static int ip6_route_multipath_add(struct fib6_config *cfg,
>
> nla = nla_find(attrs, attrlen, RTA_GATEWAY);
> if (nla) {
> - r_cfg.fc_gateway = nla_get_in6_addr(nla);
> + int ret;
> +
> + ret = fib6_gw_from_attr(&r_cfg.fc_gateway, nla,
> + extack);
> + if (ret)
> + return ret;
A 'goto cleanup;' is needed is case of error.
Powered by blists - more mailing lists