diff options
| author | Thomas Graf <tgraf@suug.ch> | 2007-03-24 15:46:02 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-03-25 21:48:00 -0400 |
| commit | e1701c68c1d1aeb3213d7016593ea9a1d4309417 (patch) | |
| tree | 96dc2e47b36589636b15602dcdcfd2ea426260b7 /net/core | |
| parent | 5f85813c33ddbf6d11ccfdbcc01f176e24a76bd2 (diff) | |
[NET]: Fix fib_rules compatibility breakage
Based upon a patch from Patrick McHardy.
The fib_rules netlink attribute policy introduced in 2.6.19 broke
userspace compatibilty. When specifying a rule with "from all"
or "to all", iproute adds a zero byte long netlink attribute,
but the policy requires all addresses to have a size equal to
sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a
validation error.
Check attribute length of FRA_SRC/FRA_DST in the generic framework
by letting the family specific rules implementation provide the
length of an address. Report an error if address length is non
zero but no address attribute is provided. Fix actual bug by
checking address length for non-zero instead of relying on
availability of attribute.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core')
| -rw-r--r-- | net/core/fib_rules.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c index 3aea4e87d3d7..d011819a8058 100644 --- a/net/core/fib_rules.c +++ b/net/core/fib_rules.c | |||
| @@ -152,6 +152,28 @@ out: | |||
| 152 | 152 | ||
| 153 | EXPORT_SYMBOL_GPL(fib_rules_lookup); | 153 | EXPORT_SYMBOL_GPL(fib_rules_lookup); |
| 154 | 154 | ||
| 155 | static int validate_rulemsg(struct fib_rule_hdr *frh, struct nlattr **tb, | ||
| 156 | struct fib_rules_ops *ops) | ||
| 157 | { | ||
| 158 | int err = -EINVAL; | ||
| 159 | |||
| 160 | if (frh->src_len) | ||
| 161 | if (tb[FRA_SRC] == NULL || | ||
| 162 | frh->src_len > (ops->addr_size * 8) || | ||
| 163 | nla_len(tb[FRA_SRC]) != ops->addr_size) | ||
| 164 | goto errout; | ||
| 165 | |||
| 166 | if (frh->dst_len) | ||
| 167 | if (tb[FRA_DST] == NULL || | ||
| 168 | frh->dst_len > (ops->addr_size * 8) || | ||
| 169 | nla_len(tb[FRA_DST]) != ops->addr_size) | ||
| 170 | goto errout; | ||
| 171 | |||
| 172 | err = 0; | ||
| 173 | errout: | ||
| 174 | return err; | ||
| 175 | } | ||
| 176 | |||
| 155 | int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) | 177 | int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) |
| 156 | { | 178 | { |
| 157 | struct fib_rule_hdr *frh = nlmsg_data(nlh); | 179 | struct fib_rule_hdr *frh = nlmsg_data(nlh); |
| @@ -173,6 +195,10 @@ int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) | |||
| 173 | if (err < 0) | 195 | if (err < 0) |
| 174 | goto errout; | 196 | goto errout; |
| 175 | 197 | ||
| 198 | err = validate_rulemsg(frh, tb, ops); | ||
| 199 | if (err < 0) | ||
| 200 | goto errout; | ||
| 201 | |||
| 176 | rule = kzalloc(ops->rule_size, GFP_KERNEL); | 202 | rule = kzalloc(ops->rule_size, GFP_KERNEL); |
| 177 | if (rule == NULL) { | 203 | if (rule == NULL) { |
| 178 | err = -ENOMEM; | 204 | err = -ENOMEM; |
| @@ -260,6 +286,10 @@ int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) | |||
| 260 | if (err < 0) | 286 | if (err < 0) |
| 261 | goto errout; | 287 | goto errout; |
| 262 | 288 | ||
| 289 | err = validate_rulemsg(frh, tb, ops); | ||
| 290 | if (err < 0) | ||
| 291 | goto errout; | ||
| 292 | |||
| 263 | list_for_each_entry(rule, ops->rules_list, list) { | 293 | list_for_each_entry(rule, ops->rules_list, list) { |
| 264 | if (frh->action && (frh->action != rule->action)) | 294 | if (frh->action && (frh->action != rule->action)) |
| 265 | continue; | 295 | continue; |