diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2008-04-03 15:52:19 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-04-03 15:52:19 -0400 |
commit | af2681828af5f2b42e12e8b16ba0cf113cf486c8 (patch) | |
tree | ed25908930ea98782ec7a13fd985c9825317a8b2 /net/ipv6 | |
parent | 9597362d354f8655ece324b01d0c640a0e99c077 (diff) |
[ICMP]: Ensure that ICMP relookup maintains status quo
The ICMP relookup path is only meant to modify behaviour when
appropriate IPsec policies are in place and marked as requiring
relookups. It is certainly not meant to modify behaviour when
IPsec policies don't exist at all.
However, due to an oversight on the error paths existing behaviour
may in fact change should one of the relookup steps fail.
This patch corrects this by redirecting all errors on relookup
failures to the previous code path. That is, if the initial
xfrm_lookup let the packet pass, we will stand by that decision
should the relookup fail due to an error.
This should be safe from a security point-of-view because compliant
systems must install a default deny policy so the packet would'nt
have passed in that case.
Many thanks to Julian Anastasov for pointing out this error.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/icmp.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index f204a7275a0d..893287ecc628 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c | |||
@@ -436,24 +436,26 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, | |||
436 | } | 436 | } |
437 | 437 | ||
438 | if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6)) | 438 | if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6)) |
439 | goto out_dst_release; | 439 | goto relookup_failed; |
440 | 440 | ||
441 | if (ip6_dst_lookup(sk, &dst2, &fl)) | 441 | if (ip6_dst_lookup(sk, &dst2, &fl)) |
442 | goto out_dst_release; | 442 | goto relookup_failed; |
443 | 443 | ||
444 | err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP); | 444 | err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP); |
445 | if (err == -ENOENT) { | 445 | switch (err) { |
446 | case 0: | ||
447 | dst_release(dst); | ||
448 | dst = dst2; | ||
449 | break; | ||
450 | case -EPERM: | ||
451 | goto out_dst_release; | ||
452 | default: | ||
453 | relookup_failed: | ||
446 | if (!dst) | 454 | if (!dst) |
447 | goto out; | 455 | goto out; |
448 | goto route_done; | 456 | break; |
449 | } | 457 | } |
450 | 458 | ||
451 | dst_release(dst); | ||
452 | dst = dst2; | ||
453 | |||
454 | if (err) | ||
455 | goto out; | ||
456 | |||
457 | route_done: | 459 | route_done: |
458 | if (ipv6_addr_is_multicast(&fl.fl6_dst)) | 460 | if (ipv6_addr_is_multicast(&fl.fl6_dst)) |
459 | hlimit = np->mcast_hops; | 461 | hlimit = np->mcast_hops; |