| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 2 Jan 2022 09:45:11 -0700
From: David Ahern <dsahern@...il.com>
To: nicolas.dichtel@...nd.com, netdev@...r.kernel.org
Cc: idosch@...sch.org
Subject: Re: [PATCH net 3/5] ipv6: Check attribute length for RTA_GATEWAY in
multipath route
On 12/31/21 8:30 AM, Nicolas Dichtel wrote:
> Le 31/12/2021 à 01:36, David Ahern a écrit :
>> Commit referenced in the Fixes tag used nla_memcpy for RTA_GATEWAY as
>> does the current nla_get_in6_addr. nla_memcpy protects against accessing
>> memory greater than what is in the attribute, but there is no check
>> requiring the attribute to have an IPv6 address. Add it.
>>
>> Fixes: 51ebd3181572 ("ipv6: add support of equal cost multipath (ECMP)")
>> Signed-off-by: David Ahern <dsahern@...nel.org>
>> Cc: Nicolas Dichtel <nicolas.dichtel@...nd.com>
>> ---
>> net/ipv6/route.c | 21 ++++++++++++++++++++-
>> 1 file changed, 20 insertions(+), 1 deletion(-)
>>
> [snip]
>> @@ -5264,7 +5277,13 @@ static int ip6_route_multipath_add(struct fib6_config *cfg,
>>
>> nla = nla_find(attrs, attrlen, RTA_GATEWAY);
>> if (nla) {
>> - r_cfg.fc_gateway = nla_get_in6_addr(nla);
>> + int ret;
>> +
>> + ret = fib6_gw_from_attr(&r_cfg.fc_gateway, nla,
>> + extack);
>> + if (ret)
>> + return ret;
> A 'goto cleanup;' is needed is case of error.
good catch; will send a followup.
Powered by blists - more mailing lists