Re: [NET]: Fix fib_rules compatibility breakage

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thomas Graf wrote:
> * Patrick McHardy <kaber@xxxxxxxxx> 2007-03-20 17:59
> 
>>The presence of the attributes when src_len/dst_len is non-zero
>>is only verified in fib_newrule, so this looks like it might crash
>>when something broken sets src_len/dst_len to a non-zero value
>>without actually adding the attributes.
> 
> 
> You're right, we need to validate in fib_nl_delrule() as well.
> 
> Based on Patrick's patch:
> The fib_rules netlink attribute policy introduced in 2.6.19 broke
> userspace compatibilty. When specifying a rule with "from all"
> or "to all", iproute adds a zero byte long netlink attribute,
> but the policy requires all addresses to have a size equal to
> sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a
> validation error.
> 
> Check attribute length of FRA_SRC/FRA_DST in the generic framework
> by letting the family specific rules implementation provide the
> length of an address. Report an error if address length is non
> zero but no address attribute is provided. Fix actual bug by
> checking address length for non-zero instead of relying on
> availability of attribute.
> 
> Signed-off-by: Thomas Graf <tgraf@xxxxxxx>

This looks good, thanks.

Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>


_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux