Thomas Graf wrote:
> * Patrick McHardy <kaber@xxxxxxxxx> 2007-03-20 17:59
>
>>The presence of the attributes when src_len/dst_len is non-zero
>>is only verified in fib_newrule, so this looks like it might crash
>>when something broken sets src_len/dst_len to a non-zero value
>>without actually adding the attributes.
>
>
> You're right, we need to validate in fib_nl_delrule() as well.
>
> Based on Patrick's patch:
> The fib_rules netlink attribute policy introduced in 2.6.19 broke
> userspace compatibility. When specifying a rule with "from all"
> or "to all", iproute adds a zero byte long netlink attribute,
> but the policy requires all addresses to have a size equal to
> sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a
> validation error.
>
> Check attribute length of FRA_SRC/FRA_DST in the generic framework
> by letting the family specific rules implementation provide the
> length of an address. Report an error if address length is non
> zero but no address attribute is provided. Fix actual bug by
> checking address length for non-zero instead of relying on
> availability of attribute.
>
> Signed-off-by: Thomas Graf <tgraf@xxxxxxx>

This looks good, thanks.

Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
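The validation rule described in the commit message above, as an added user-space example that is not part of the thread and is not the kernel patch. The `struct attr` and `struct rule_msg` types and the `check_addr`, `validate_rule` and `addr_size` names are hypothetical stand-ins; only `FRA_SRC`, `FRA_DST`, `src_len` and `dst_len` come from the messages.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* User-space model; hypothetical stand-ins, not kernel structures. */
struct attr {                    /* one parsed netlink attribute */
    const void *data;
    size_t len;                  /* payload length in bytes */
};

struct rule_msg {
    uint8_t src_len;             /* source prefix length from the rule header */
    uint8_t dst_len;             /* destination prefix length */
    const struct attr *fra_src;  /* NULL when FRA_SRC was not sent */
    const struct attr *fra_dst;  /* NULL when FRA_DST was not sent */
};

/* Only a non-zero prefix length makes the address attribute mandatory. */
static int check_addr(uint8_t prefix_len, const struct attr *a, size_t addr_size)
{
    if (prefix_len == 0)
        return 0;                /* "from all"/"to all": absent or empty is fine */
    if (a == NULL)
        return -EINVAL;          /* length set, but no address was supplied */
    if (a->len != addr_size)
        return -EINVAL;          /* wrong address size for this family */
    return 0;
}

/* addr_size comes from the address family (assumed: 4 for IPv4, 16 for IPv6). */
int validate_rule(const struct rule_msg *m, size_t addr_size)
{
    int err = check_addr(m->src_len, m->fra_src, addr_size);
    if (err)
        return err;
    return check_addr(m->dst_len, m->fra_dst, addr_size);
}

int main(void)
{
    static const unsigned char ip4[4] = {10, 0, 0, 0};  /* constructed sample */
    struct attr empty = { NULL, 0 }, src = { ip4, sizeof ip4 };
    struct rule_msg from_all = { 0, 0, &empty, NULL };   /* zero-length FRA_SRC */
    struct rule_msg broken   = { 8, 0, NULL, NULL };     /* src_len set, no FRA_SRC */
    struct rule_msg ok       = { 8, 0, &src, NULL };
    return (validate_rule(&from_all, 4) == 0 &&
            validate_rule(&broken, 4) == -EINVAL &&
            validate_rule(&ok, 4) == 0) ? 0 : 1;
}
```

Running the same check on both the add and delete paths is what keeps a message with a non-zero `src_len`/`dst_len` and no attribute from reaching code that dereferences the missing address.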