diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-04-28 10:22:11 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-04-28 10:22:11 -0400 |
| commit | 1a41dbce0dedc2dbf136060f686e0c43d903b612 (patch) | |
| tree | 932c82dd8b74fe5f63214ade6610fec5aadc0633 | |
| parent | 7dde07e9c53617549d67dd3e1d791496d0d3868e (diff) | |
| parent | 1442f6f7c1b77de1c508318164a527e240c24a4d (diff) | |
Merge tag 'ipvs-fixes-for-v4.11' of http://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs
Simon Horman says:
====================
IPVS Fixes for v4.11
I would also like it considered for stable.
* Explicitly forbid ipv6 service/dest creation if ipv6 mod is disabled
to avoid oops caused by IPVS accesing IPv6 routing code in such
circumstances.
====================
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 5aeb0dde6ccc..4d753beaac32 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
| @@ -3078,6 +3078,17 @@ nla_put_failure: | |||
| 3078 | return skb->len; | 3078 | return skb->len; |
| 3079 | } | 3079 | } |
| 3080 | 3080 | ||
| 3081 | static bool ip_vs_is_af_valid(int af) | ||
| 3082 | { | ||
| 3083 | if (af == AF_INET) | ||
| 3084 | return true; | ||
| 3085 | #ifdef CONFIG_IP_VS_IPV6 | ||
| 3086 | if (af == AF_INET6 && ipv6_mod_enabled()) | ||
| 3087 | return true; | ||
| 3088 | #endif | ||
| 3089 | return false; | ||
| 3090 | } | ||
| 3091 | |||
| 3081 | static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs, | 3092 | static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs, |
| 3082 | struct ip_vs_service_user_kern *usvc, | 3093 | struct ip_vs_service_user_kern *usvc, |
| 3083 | struct nlattr *nla, int full_entry, | 3094 | struct nlattr *nla, int full_entry, |
| @@ -3104,11 +3115,7 @@ static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs, | |||
| 3104 | memset(usvc, 0, sizeof(*usvc)); | 3115 | memset(usvc, 0, sizeof(*usvc)); |
| 3105 | 3116 | ||
| 3106 | usvc->af = nla_get_u16(nla_af); | 3117 | usvc->af = nla_get_u16(nla_af); |
| 3107 | #ifdef CONFIG_IP_VS_IPV6 | 3118 | if (!ip_vs_is_af_valid(usvc->af)) |
| 3108 | if (usvc->af != AF_INET && usvc->af != AF_INET6) | ||
| 3109 | #else | ||
| 3110 | if (usvc->af != AF_INET) | ||
| 3111 | #endif | ||
| 3112 | return -EAFNOSUPPORT; | 3119 | return -EAFNOSUPPORT; |
| 3113 | 3120 | ||
| 3114 | if (nla_fwmark) { | 3121 | if (nla_fwmark) { |
| @@ -3610,6 +3617,11 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info) | |||
| 3610 | if (udest.af == 0) | 3617 | if (udest.af == 0) |
| 3611 | udest.af = svc->af; | 3618 | udest.af = svc->af; |
| 3612 | 3619 | ||
| 3620 | if (!ip_vs_is_af_valid(udest.af)) { | ||
| 3621 | ret = -EAFNOSUPPORT; | ||
| 3622 | goto out; | ||
| 3623 | } | ||
| 3624 | |||
| 3613 | if (udest.af != svc->af && cmd != IPVS_CMD_DEL_DEST) { | 3625 | if (udest.af != svc->af && cmd != IPVS_CMD_DEL_DEST) { |
| 3614 | /* The synchronization protocol is incompatible | 3626 | /* The synchronization protocol is incompatible |
| 3615 | * with mixed family services | 3627 | * with mixed family services |