| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 03 Jun 2022 23:19:53 +0000
From: Jacques de Laval <jacques.delaval@...tonmail.com>
To: netdev@...r.kernel.org
Cc: Jacques de Laval <jacques.delaval@...tonmail.com>
Subject: [PATCH iproute2-next] lib/rt_names: Fix cache getting trashed on integer input to rtnl_*_a2n
The cache value 'res' should only be updated when the cache key 'cache'
is updated. Otherwise the rtnl_*_a2n functions risk returning wrong
values on subsequent calls.
Signed-off-by: Jacques de Laval <jacques.delaval@...tonmail.com>
---
lib/rt_names.c | 48 +++++++++++++-------------
testsuite/tests/ip/route/set_rtproto.t | 26 ++++++++++++++
2 files changed, 50 insertions(+), 24 deletions(-)
create mode 100755 testsuite/tests/ip/route/set_rtproto.t
diff --git a/lib/rt_names.c b/lib/rt_names.c
index b976471d..a67d8e89 100644
--- a/lib/rt_names.c
+++ b/lib/rt_names.c
@@ -202,7 +202,7 @@ int rtnl_rtprot_a2n(__u32 *id, const char *arg)
static char *cache;
static unsigned long res;
char *end;
- int i;
+ unsigned long i;
if (cache && strcmp(cache, arg) == 0) {
*id = res;
@@ -222,10 +222,10 @@ int rtnl_rtprot_a2n(__u32 *id, const char *arg)
}
}
- res = strtoul(arg, &end, 0);
- if (!end || end == arg || *end || res > 255)
+ i = strtoul(arg, &end, 0);
+ if (!end || end == arg || *end || i > 255)
return -1;
- *id = res;
+ *id = i;
return 0;
}
@@ -271,7 +271,7 @@ int rtnl_rtscope_a2n(__u32 *id, const char *arg)
static const char *cache;
static unsigned long res;
char *end;
- int i;
+ unsigned long i;
if (cache && strcmp(cache, arg) == 0) {
*id = res;
@@ -291,10 +291,10 @@ int rtnl_rtscope_a2n(__u32 *id, const char *arg)
}
}
- res = strtoul(arg, &end, 0);
- if (!end || end == arg || *end || res > 255)
+ i = strtoul(arg, &end, 0);
+ if (!end || end == arg || *end || i > 255)
return -1;
- *id = res;
+ *id = i;
return 0;
}
@@ -334,7 +334,7 @@ int rtnl_rtrealm_a2n(__u32 *id, const char *arg)
static char *cache;
static unsigned long res;
char *end;
- int i;
+ unsigned long i;
if (cache && strcmp(cache, arg) == 0) {
*id = res;
@@ -354,10 +354,10 @@ int rtnl_rtrealm_a2n(__u32 *id, const char *arg)
}
}
- res = strtoul(arg, &end, 0);
- if (!end || end == arg || *end || res > 255)
+ i = strtoul(arg, &end, 0);
+ if (!end || end == arg || *end || i > 255)
return -1;
- *id = res;
+ *id = i;
return 0;
}
@@ -511,7 +511,7 @@ int rtnl_dsfield_a2n(__u32 *id, const char *arg)
static char *cache;
static unsigned long res;
char *end;
- int i;
+ unsigned long i;
if (cache && strcmp(cache, arg) == 0) {
*id = res;
@@ -531,10 +531,10 @@ int rtnl_dsfield_a2n(__u32 *id, const char *arg)
}
}
- res = strtoul(arg, &end, 16);
- if (!end || end == arg || *end || res > 255)
+ i = strtoul(arg, &end, 16);
+ if (!end || end == arg || *end || i > 255)
return -1;
- *id = res;
+ *id = i;
return 0;
}
@@ -668,7 +668,7 @@ int nl_proto_a2n(__u32 *id, const char *arg)
static char *cache;
static unsigned long res;
char *end;
- int i;
+ unsigned long i;
if (cache && strcmp(cache, arg) == 0) {
*id = res;
@@ -688,10 +688,10 @@ int nl_proto_a2n(__u32 *id, const char *arg)
}
}
- res = strtoul(arg, &end, 0);
- if (!end || end == arg || *end || res > 255)
+ i = strtoul(arg, &end, 0);
+ if (!end || end == arg || *end || i > 255)
return -1;
- *id = res;
+ *id = i;
return 0;
}
@@ -760,7 +760,7 @@ int protodown_reason_a2n(__u32 *id, const char *arg)
static char *cache;
static unsigned long res;
char *end;
- int i;
+ unsigned long i;
if (cache && strcmp(cache, arg) == 0) {
*id = res;
@@ -780,9 +780,9 @@ int protodown_reason_a2n(__u32 *id, const char *arg)
}
}
- res = strtoul(arg, &end, 0);
- if (!end || end == arg || *end || res >= PROTODOWN_REASON_NUM_BITS)
+ i = strtoul(arg, &end, 0);
+ if (!end || end == arg || *end || i >= PROTODOWN_REASON_NUM_BITS)
return -1;
- *id = res;
+ *id = i;
return 0;
}
diff --git a/testsuite/tests/ip/route/set_rtproto.t b/testsuite/tests/ip/route/set_rtproto.t
new file mode 100755
index 00000000..f6dfe053
--- /dev/null
+++ b/testsuite/tests/ip/route/set_rtproto.t
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+. lib/generic.sh
+
+ts_log "[Testing setting protocol]"
+
+DEV=dummy0
+
+ts_ip "$0" "Add new interface $DEV" link add $DEV type dummy
+ts_ip "$0" "Set $DEV into UP state" link set up dev $DEV
+
+cat <<EOF | ts_ip "$0" "Add routes with protocol set" -b -
+route add 10.10.0.0 proto ospf dev "$DEV"
+route add 10.20.0.0 proto 255 dev "$DEV"
+route add 10.30.0.0 proto ospf dev "$DEV"
+EOF
+
+ts_ip "$0" "Show proto ospf routes" route show proto ospf
+test_lines_count 2
+test_on "10.10.0.0 dev dummy0 scope link"
+test_on "10.30.0.0 dev dummy0 scope link"
+ts_ip "$0" "Show proto 255 routes" route show 10.20.0.0 proto 255
+test_lines_count 1
+test_on "10.20.0.0 dev dummy0 scope link"
+
+ts_ip "$0" "Del $DEV dummy interface" link del dev "$DEV"
--
2.36.1
Powered by blists - more mailing lists