Hi! > The patch below does not apply to the 4.4-stable tree. > If someone wants it applied there, or to any other stable or longterm > tree, then please email the backport, including the original git commit > id to <stable@xxxxxxxxxxxxxxx>. I could not find better place to reply. I see this patch is queued for 5.10 and 4.19. But it is wrong: > >From 4619bcf91399f00a40885100fb61d594d8454033 Mon Sep 17 00:00:00 2001 > From: David Ahern <dsahern@xxxxxxxxxx> > Date: Thu, 30 Dec 2021 17:36:33 -0700 > Subject: [PATCH] ipv6: Check attribute length for RTA_GATEWAY in multipath > route > > Commit referenced in the Fixes tag used nla_memcpy for RTA_GATEWAY as > does the current nla_get_in6_addr. nla_memcpy protects against accessing > memory greater than what is in the attribute, but there is no check > requiring the attribute to have an IPv6 address. Add it. > > Fixes: 51ebd3181572 ("ipv6: add support of equal cost multipath > (ECMP)") ...> @@ -5264,7 +5277,13 @@ static int ip6_route_multipath_add(struct fib6_config *cfg, > > nla = nla_find(attrs, attrlen, RTA_GATEWAY); > if (nla) { > - r_cfg.fc_gateway = nla_get_in6_addr(nla); > + int ret; > + > + ret = fib6_gw_from_attr(&r_cfg.fc_gateway, nla, > + extack); > + if (ret) > + return ret; > + Direct return may not be used here. It needs to goto cleanup. It is already fixed in mainline, so you can probably just cherry-pick followup patch, too. Best regards, Pavel -- http://www.livejournal.com/~pavelmachek
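Review bot: the `if (ret) return ret;` added inside the `if (nla)` block of ip6_route_multipath_add() leaves the function immediately when the RTA_GATEWAY length check fails, so nothing the function does on its cleanup path runs for that error; as the reply above points out, this exit has to go through cleanup instead of returning. Suggest replacing the direct return with a jump to the function's cleanup path (store the result of fib6_gw_from_attr() in the function's error variable, then `goto cleanup;`), which also makes the block-local `int ret` unnecessary. For the 5.10 and 4.19 queues, this patch should only be taken together with the mainline follow-up that makes this change, so the stable trees do not carry the early return on their own.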