Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b8d3e416 authored Aug 31, 2015 by Daniel Borkmann Committed by David S. Miller Aug 31, 2015

fib, fib6: reject invalid feature bits



Feature bits that are invalid should not be accepted by the kernel,
only the lower 4 bits may be configured, but not the remaining ones.
Even from these 4, 2 of them are unused.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 1bb14807

include/uapi/linux/rtnetlink.h

+7 −4

Original line number	Diff line number	Diff line
		@@ -418,10 +418,13 @@ enum {

		#define RTAX_MAX (__RTAX_MAX - 1)

		#define RTAX_FEATURE_ECN 0x00000001
		#define RTAX_FEATURE_SACK 0x00000002
		#define RTAX_FEATURE_TIMESTAMP 0x00000004
		#define RTAX_FEATURE_ALLFRAG 0x00000008
		#define RTAX_FEATURE_ECN (1 << 0)
		#define RTAX_FEATURE_SACK (1 << 1)
		#define RTAX_FEATURE_TIMESTAMP (1 << 2)
		#define RTAX_FEATURE_ALLFRAG (1 << 3)

		#define RTAX_FEATURE_MASK (RTAX_FEATURE_ECN \| RTAX_FEATURE_SACK \| \
		RTAX_FEATURE_TIMESTAMP \| RTAX_FEATURE_ALLFRAG)

		struct rta_session {
		__u8 proto;

net/ipv4/fib_semantics.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -908,6 +908,8 @@ fib_convert_metrics(struct fib_info fi, const struct fib_config cfg)
		val = 65535 - 40;
		if (type == RTAX_MTU && val > 65535 - 15)
		val = 65535 - 15;
		if (type == RTAX_FEATURES && (val & ~RTAX_FEATURE_MASK))
		return -EINVAL;
		fi->fib_metrics[type - 1] = val;
		}

net/ipv6/route.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1728,6 +1728,8 @@ static int ip6_convert_metrics(struct mx6_config *mxc,
		} else {
		val = nla_get_u32(nla);
		}
		if (type == RTAX_FEATURES && (val & ~RTAX_FEATURE_MASK))
		goto err;

		mp[type - 1] = val;
		__set_bit(type - 1, mxc->mx_valid);