* [PATCH net 0/5] net: Length checks for attributes within multipath routes
From: David Ahern @ 2021-12-31 0:36 UTC
To: netdev; +Cc: idosch, David Ahern
Add length checks for attributes within a multipath route (attributes
within RTA_MULTIPATH). Motivated by the syzbot report in patch 1 and
then expanded to other attributes as noted by Ido.
David Ahern (5):
ipv4: Check attribute length for RTA_GATEWAY in multipath route
ipv4: Check attribute length for RTA_FLOW in multipath route
ipv6: Check attribute length for RTA_GATEWAY in multipath route
ipv6: Check attribute length for RTA_GATEWAY when deleting multipath
route
lwtunnel: Validate RTA_ENCAP_TYPE attribute is at least 2 bytes
net/core/lwtunnel.c | 4 ++++
net/ipv4/fib_semantics.c | 49 +++++++++++++++++++++++++++++++++++-----
net/ipv6/route.c | 31 +++++++++++++++++++++++--
3 files changed, 76 insertions(+), 8 deletions(-)
--
2.24.3 (Apple Git-128)
* [PATCH net 1/5] ipv4: Check attribute length for RTA_GATEWAY in multipath route
From: David Ahern @ 2021-12-31 0:36 UTC
To: netdev; +Cc: idosch, David Ahern, syzbot+d4b9a2851cc3ce998741, Thomas Graf
syzbot reported uninit-value:
============================================================
BUG: KMSAN: uninit-value in fib_get_nhs+0xac4/0x1f80
net/ipv4/fib_semantics.c:708
fib_get_nhs+0xac4/0x1f80 net/ipv4/fib_semantics.c:708
fib_create_info+0x2411/0x4870 net/ipv4/fib_semantics.c:1453
fib_table_insert+0x45c/0x3a10 net/ipv4/fib_trie.c:1224
inet_rtm_newroute+0x289/0x420 net/ipv4/fib_frontend.c:886
Add helper to validate RTA_GATEWAY length before using the attribute.
Fixes: 4e902c57417c ("[IPv4]: FIB configuration using struct fib_config")
Reported-by: syzbot+d4b9a2851cc3ce998741@syzkaller.appspotmail.com
Signed-off-by: David Ahern <dsahern@kernel.org>
Cc: Thomas Graf <tgraf@suug.ch>
---
net/ipv4/fib_semantics.c | 29 ++++++++++++++++++++++++++---
1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index fde7797b5806..f1caa2c1c041 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -662,6 +662,19 @@ static int fib_count_nexthops(struct rtnexthop *rtnh, int remaining,
return nhs;
}
+static int fib_gw_from_attr(__be32 *gw, struct nlattr *nla,
+ struct netlink_ext_ack *extack)
+{
+ if (nla_len(nla) < sizeof(*gw)) {
+ NL_SET_ERR_MSG(extack, "Invalid IPv4 address in RTA_GATEWAY");
+ return -EINVAL;
+ }
+
+ *gw = nla_get_in_addr(nla);
+
+ return 0;
+}
+
/* only called when fib_nh is integrated into fib_info */
static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh,
int remaining, struct fib_config *cfg,
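Review bot: in fib_gw_from_attr() the test `nla_len(nla) < sizeof(*gw)` only sets a lower bound, so an RTA_GATEWAY payload longer than an IPv4 address is accepted and the extra bytes are silently ignored. If an exact-size attribute is what this path expects, `!=` would reject both short and oversize payloads; if oversize is tolerated on purpose, a one-line comment on the helper saying so would help, since the error text "Invalid IPv4 address in RTA_GATEWAY" reads as a full format check.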
@@ -704,7 +717,11 @@ static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh,
return -EINVAL;
}
if (nla) {
- fib_cfg.fc_gw4 = nla_get_in_addr(nla);
+ ret = fib_gw_from_attr(&fib_cfg.fc_gw4, nla,
+ extack);
+ if (ret)
+ goto errout;
+
if (fib_cfg.fc_gw4)
fib_cfg.fc_gw_family = AF_INET;
} else if (nlav) {
@@ -902,6 +919,7 @@ int fib_nh_match(struct net *net, struct fib_config *cfg, struct fib_info *fi,
attrlen = rtnh_attrlen(rtnh);
if (attrlen > 0) {
struct nlattr *nla, *nlav, *attrs = rtnh_attrs(rtnh);
+ int err;
nla = nla_find(attrs, attrlen, RTA_GATEWAY);
nlav = nla_find(attrs, attrlen, RTA_VIA);
@@ -912,12 +930,17 @@ int fib_nh_match(struct net *net, struct fib_config *cfg, struct fib_info *fi,
}
if (nla) {
+ __be32 gw;
+
+ err = fib_gw_from_attr(&gw, nla, extack);
+ if (err)
+ return err;
+
if (nh->fib_nh_gw_family != AF_INET ||
- nla_get_in_addr(nla) != nh->fib_nh_gw4)
+ gw != nh->fib_nh_gw4)
return 1;
} else if (nlav) {
struct fib_config cfg2;
- int err;
err = fib_gw_from_via(&cfg2, nlav, extack);
if (err)
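Review bot: the RTA_GATEWAY branch of fib_nh_match() now has three outcomes: `return err` with the negative errno from fib_gw_from_attr(), `return 1` for a gateway mismatch, and fall-through for a match. Nothing in the hunk documents the negative return next to the existing `return 1`, so a caller that only tests for non-zero would treat a malformed attribute as a plain mismatch; a line in the function comment stating the return convention would make that explicit.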
--
2.24.3 (Apple Git-128)
* [PATCH net 2/5] ipv4: Check attribute length for RTA_FLOW in multipath route
From: David Ahern @ 2021-12-31 0:36 UTC
To: netdev; +Cc: idosch, David Ahern
Make sure RTA_FLOW is at least 4B before using.
Fixes: 4e902c57417c ("[IPv4]: FIB configuration using struct fib_config")
Signed-off-by: David Ahern <dsahern@kernel.org>
---
net/ipv4/fib_semantics.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index f1caa2c1c041..36bc429f1635 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -731,8 +731,13 @@ static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh,
}
nla = nla_find(attrs, attrlen, RTA_FLOW);
- if (nla)
+ if (nla) {
+ if (nla_len(nla) < sizeof(u32)) {
+ NL_SET_ERR_MSG(extack, "Invalid RTA_FLOW");
+ return -EINVAL;
+ }
fib_cfg.fc_flow = nla_get_u32(nla);
+ }
fib_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
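Review bot: the new RTA_FLOW length check in fib_get_nhs() exits with `return -EINVAL`, while the RTA_GATEWAY check that patch 1/5 adds earlier in the same function sets `ret` and uses `goto errout`. One exit style per function is easier to audit; if `errout` does any unwinding the direct return skips it, so `ret = -EINVAL; goto errout;` would be the safer form here.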
@@ -963,8 +968,14 @@ int fib_nh_match(struct net *net, struct fib_config *cfg, struct fib_info *fi,
#ifdef CONFIG_IP_ROUTE_CLASSID
nla = nla_find(attrs, attrlen, RTA_FLOW);
- if (nla && nla_get_u32(nla) != nh->nh_tclassid)
- return 1;
+ if (nla) {
+ if (nla_len(nla) < sizeof(u32)) {
+ NL_SET_ERR_MSG(extack, "Invalid RTA_FLOW");
+ return -EINVAL;
+ }
+ if (nla_get_u32(nla) != nh->nh_tclassid)
+ return 1;
+ }
#endif
}
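Review bot: in fib_nh_match() the RTA_FLOW length check sits inside `#ifdef CONFIG_IP_ROUTE_CLASSID`, so a build without that option never validates the attribute on this path and the same request is rejected or accepted depending on kernel config. Hoisting the `nla_len(nla) < sizeof(u32)` test above the #ifdef would make the behaviour uniform. The four-line check is also now duplicated with fib_get_nhs(); a small helper in the style of fib_gw_from_attr() would keep the two copies from drifting.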
--
2.24.3 (Apple Git-128)
* [PATCH net 3/5] ipv6: Check attribute length for RTA_GATEWAY in multipath route
From: David Ahern @ 2021-12-31 0:36 UTC
To: netdev; +Cc: idosch, David Ahern, Nicolas Dichtel
Commit referenced in the Fixes tag used nla_memcpy for RTA_GATEWAY as
does the current nla_get_in6_addr. nla_memcpy protects against accessing
memory greater than what is in the attribute, but there is no check
requiring the attribute to have an IPv6 address. Add it.
Fixes: 51ebd3181572 ("ipv6: add support of equal cost multipath (ECMP)")
Signed-off-by: David Ahern <dsahern@kernel.org>
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
net/ipv6/route.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 42d60c76d30a..d16599c225b8 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -5224,6 +5224,19 @@ static bool ip6_route_mpath_should_notify(const struct fib6_info *rt)
return should_notify;
}
+static int fib6_gw_from_attr(struct in6_addr *gw, struct nlattr *nla,
+ struct netlink_ext_ack *extack)
+{
+ if (nla_len(nla) < sizeof(*gw)) {
+ NL_SET_ERR_MSG(extack, "Invalid IPv6 address in RTA_GATEWAY");
+ return -EINVAL;
+ }
+
+ *gw = nla_get_in6_addr(nla);
+
+ return 0;
+}
+
static int ip6_route_multipath_add(struct fib6_config *cfg,
struct netlink_ext_ack *extack)
{
@@ -5264,7 +5277,13 @@ static int ip6_route_multipath_add(struct fib6_config *cfg,
nla = nla_find(attrs, attrlen, RTA_GATEWAY);
if (nla) {
- r_cfg.fc_gateway = nla_get_in6_addr(nla);
+ int ret;
+
+ ret = fib6_gw_from_attr(&r_cfg.fc_gateway, nla,
+ extack);
+ if (ret)
+ return ret;
+
r_cfg.fc_flags |= RTF_GATEWAY;
}
r_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
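Review bot: the `return ret` after fib6_gw_from_attr() leaves ip6_route_multipath_add() directly from the middle of nexthop parsing. The review reply later in this thread asks for `goto cleanup` at this point and the author agrees to send a follow-up, so this hunk as posted should be read together with that fix. Declaring `int ret` inside the `if (nla)` block also hides whatever error variable the rest of the function uses; reusing that variable would make the switch to the common exit path a one-line change.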
--
2.24.3 (Apple Git-128)
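
The distinction drawn in the commit message above, between a copy bounded by the attribute's length and a check that the attribute actually holds a whole IPv6 address, as a user-space C model. This is an added example, not code from the patch or the kernel: `attr_hdr`, `put_attr`, `find_attr` and `gw6_from_attr` are hypothetical names, and the sample attribute is constructed. `gw6_from_attr` returns the number of payload bytes copied or a negative errno.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model of struct nlattr: 4-byte header, payload padded to 4. */
struct attr_hdr { uint16_t len; uint16_t type; };	/* len = header + payload */
#define ATTR_HDRLEN	 ((int)sizeof(struct attr_hdr))
#define ATTR_ALIGN(n)	 (((n) + 3) & ~3)
#define DEMO_RTA_GATEWAY 5	/* value of RTA_GATEWAY in linux/rtnetlink.h */
#define GW6_LEN		 16	/* sizeof(struct in6_addr) */

/* Append one attribute to a zeroed buf; returns the aligned size consumed. */
static int put_attr(uint8_t *buf, uint16_t type, const void *data, int dlen)
{
	struct attr_hdr h = { (uint16_t)(ATTR_HDRLEN + dlen), type };
	memcpy(buf, &h, sizeof(h));
	memcpy(buf + ATTR_HDRLEN, data, dlen);
	return ATTR_ALIGN(h.len);
}

/* Locate an attribute; returns its payload offset and sets *plen. */
static int find_attr(const uint8_t *buf, int total, uint16_t type, int *plen)
{
	struct attr_hdr h;
	for (int off = 0; total - off >= ATTR_HDRLEN; off += ATTR_ALIGN(h.len)) {
		memcpy(&h, buf + off, sizeof(h));
		if (h.len < ATTR_HDRLEN || h.len > total - off)
			break;			/* broken framing, stop walking */
		if (h.type == type) {
			*plen = h.len - ATTR_HDRLEN;
			return off + ATTR_HDRLEN;
		}
	}
	return -ENOENT;
}

/* Copy RTA_GATEWAY into gw; full != 0 also requires a whole IPv6 address. */
static int gw6_from_attr(uint8_t *gw, const uint8_t *buf, int total, int full)
{
	int plen, off = find_attr(buf, total, DEMO_RTA_GATEWAY, &plen);
	if (off < 0)
		return off;
	if (full && plen < GW6_LEN)
		return -EINVAL;		/* the minimum-length rule added here */
	plen = plen < GW6_LEN ? plen : GW6_LEN;
	memcpy(gw, buf + off, plen);	/* never reads past the payload */
	return plen;			/* bytes that came from the sender */
}

int main(void)
{
	const uint8_t v4[4] = { 192, 0, 2, 1 };	/* constructed short payload */
	uint8_t buf[32] = { 0 }, gw[GW6_LEN] = { 0 };
	int total = put_attr(buf, DEMO_RTA_GATEWAY, v4, sizeof(v4));
	printf("bounded copy: %d\n", gw6_from_attr(gw, buf, total, 0));
	printf("with check:   %d\n", gw6_from_attr(gw, buf, total, 1));
	return 0;
}
```

With the bounded copy alone, the 4-byte payload is accepted and the remaining 12 bytes of the gateway are whatever the destination already held; with the length requirement the request is refused before anything is copied.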
* [PATCH net 4/5] ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
From: David Ahern @ 2021-12-31 0:36 UTC
To: netdev; +Cc: idosch, David Ahern, Roopa Prabhu
Make sure RTA_GATEWAY for IPv6 multipath route has enough bytes to hold
an IPv6 address.
Fixes: 6b9ea5a64ed5 ("ipv6: fix multipath route replace error recovery")
Signed-off-by: David Ahern <dsahern@kernel.org>
Cc: Roopa Prabhu <roopa@nvidia.com>
---
net/ipv6/route.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index d16599c225b8..b311c0bc9983 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -5453,7 +5453,11 @@ static int ip6_route_multipath_del(struct fib6_config *cfg,
nla = nla_find(attrs, attrlen, RTA_GATEWAY);
if (nla) {
- nla_memcpy(&r_cfg.fc_gateway, nla, 16);
+ err = fib6_gw_from_attr(&r_cfg.fc_gateway, nla,
+ extack);
+ if (err)
+ return err;
+
r_cfg.fc_flags |= RTF_GATEWAY;
}
}
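Review bot: `return err` in the RTA_GATEWAY branch makes ip6_route_multipath_del() stop at the first nexthop with a short attribute, and the commit message does not say what happens to nexthops handled before it. The reply later in this thread points out that a failing ip6_route_del() lets the loop continue, so either follow that pattern here or state in the message why a malformed attribute should abort the whole request. Replacing the literal `16` in `nla_memcpy(&r_cfg.fc_gateway, nla, 16)` with the sizeof-based helper is a good cleanup and deserves a mention in the message too.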
--
2.24.3 (Apple Git-128)
* [PATCH net 5/5] lwtunnel: Validate RTA_ENCAP_TYPE attribute length
From: David Ahern @ 2021-12-31 0:36 UTC
To: netdev; +Cc: idosch, David Ahern
lwtunnel_valid_encap_type_attr is used to validate encap attributes
within a multipath route. Add length validation checking to the type.
lwtunnel_valid_encap_type_attr is called when converting attributes to
fib{6,}_config struct which means it is used before fib_get_nhs,
ip6_route_multipath_add, and ip6_route_multipath_del - other
locations that use rtnh_ok and then nla_get_u16 on RTA_ENCAP_TYPE
attribute.
Fixes: 9ed59592e3e3 ("lwtunnel: fix autoload of lwt modules")
Signed-off-by: David Ahern <dsahern@kernel.org>
---
net/core/lwtunnel.c | 4 ++++
net/ipv4/fib_semantics.c | 3 +++
net/ipv6/route.c | 4 ++++
3 files changed, 11 insertions(+)
diff --git a/net/core/lwtunnel.c b/net/core/lwtunnel.c
index 2820aca2173a..9ccd64e8a666 100644
--- a/net/core/lwtunnel.c
+++ b/net/core/lwtunnel.c
@@ -197,6 +197,10 @@ int lwtunnel_valid_encap_type_attr(struct nlattr *attr, int remaining,
nla_entype = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
if (nla_entype) {
+ if (nla_len(nla_entype) < sizeof(u16)) {
+ NL_SET_ERR_MSG(extack, "Invalid RTA_ENCAP_TYPE");
+ return -EINVAL;
+ }
encap_type = nla_get_u16(nla_entype);
if (lwtunnel_valid_encap_type(encap_type,
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 36bc429f1635..92c29ab3d042 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -740,6 +740,9 @@ static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh,
}
fib_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
+ /* RTA_ENCAP_TYPE length checked in
+ * lwtunnel_valid_encap_type_attr
+ */
nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
if (nla)
fib_cfg.fc_encap_type = nla_get_u16(nla);
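Review bot: the added comment in fib_get_nhs() is the only thing tying this `nla_get_u16(nla)` to the length check in lwtunnel_valid_encap_type_attr(), which lives in another file and runs earlier on a different call path. A local `nla_len(nla) < sizeof(u16)` test, as done for RTA_FLOW just above in 2/5, costs little and keeps the read safe if a future caller reaches this function without that validation; failing that, the comment should name the caller that guarantees the ordering.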
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index b311c0bc9983..d2ff8a7e1709 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -5287,6 +5287,10 @@ static int ip6_route_multipath_add(struct fib6_config *cfg,
r_cfg.fc_flags |= RTF_GATEWAY;
}
r_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
+
+ /* RTA_ENCAP_TYPE length checked in
+ * lwtunnel_valid_encap_type_attr
+ */
nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
if (nla)
r_cfg.fc_encap_type = nla_get_u16(nla);
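Review bot: the commit message lists fib_get_nhs, ip6_route_multipath_add and ip6_route_multipath_del as the other users of nla_get_u16 on RTA_ENCAP_TYPE, but only the first two get the explanatory comment in this patch and there is no hunk for ip6_route_multipath_del. Either add the same comment there or drop the function from the message if it does not read the attribute. Minor: this hunk also adds a blank line before the comment, which the matching fib_semantics.c hunk does not.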
--
2.24.3 (Apple Git-128)
* Re: [PATCH net 0/5] net: Length checks for attributes within multipath routes
From: patchwork-bot+netdevbpf @ 2021-12-31 14:40 UTC
To: David Ahern; +Cc: netdev, idosch
Hello:
This series was applied to netdev/net.git (master)
by David S. Miller <davem@davemloft.net>:
On Thu, 30 Dec 2021 17:36:30 -0700 you wrote:
> Add length checks for attributes within a multipath route (attributes
> within RTA_MULTIPATH). Motivated by the syzbot report in patch 1 and
> then expanded to other attributes as noted by Ido.
>
> David Ahern (5):
> ipv4: Check attribute length for RTA_GATEWAY in multipath route
> ipv4: Check attribute length for RTA_FLOW in multipath route
> ipv6: Check attribute length for RTA_GATEWAY in multipath route
> ipv6: Check attribute length for RTA_GATEWAY when deleting multipath
> route
> lwtunnel: Validate RTA_ENCAP_TYPE attribute is at least 2 bytes
>
> [...]
Here is the summary with links:
- [net,1/5] ipv4: Check attribute length for RTA_GATEWAY in multipath route
https://git.kernel.org/netdev/net/c/7a3429bace0e
- [net,2/5] ipv4: Check attribute length for RTA_FLOW in multipath route
https://git.kernel.org/netdev/net/c/664b9c4b7392
- [net,3/5] ipv6: Check attribute length for RTA_GATEWAY in multipath route
https://git.kernel.org/netdev/net/c/4619bcf91399
- [net,4/5] ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
https://git.kernel.org/netdev/net/c/1ff15a710a86
- [net,5/5] lwtunnel: Validate RTA_ENCAP_TYPE attribute length
https://git.kernel.org/netdev/net/c/8bda81a4d400
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
* Re: [PATCH net 3/5] ipv6: Check attribute length for RTA_GATEWAY in multipath route
From: Nicolas Dichtel @ 2021-12-31 15:30 UTC
To: David Ahern, netdev; +Cc: idosch
On 31/12/2021 at 01:36, David Ahern wrote:
> Commit referenced in the Fixes tag used nla_memcpy for RTA_GATEWAY as
> does the current nla_get_in6_addr. nla_memcpy protects against accessing
> memory greater than what is in the attribute, but there is no check
> requiring the attribute to have an IPv6 address. Add it.
>
> Fixes: 51ebd3181572 ("ipv6: add support of equal cost multipath (ECMP)")
> Signed-off-by: David Ahern <dsahern@kernel.org>
> Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> ---
> net/ipv6/route.c | 21 ++++++++++++++++++++-
> 1 file changed, 20 insertions(+), 1 deletion(-)
>
[snip]
> @@ -5264,7 +5277,13 @@ static int ip6_route_multipath_add(struct fib6_config *cfg,
>
> nla = nla_find(attrs, attrlen, RTA_GATEWAY);
> if (nla) {
> - r_cfg.fc_gateway = nla_get_in6_addr(nla);
> + int ret;
> +
> + ret = fib6_gw_from_attr(&r_cfg.fc_gateway, nla,
> + extack);
> + if (ret)
> + return ret;
A 'goto cleanup;' is needed in case of error.
* Re: [PATCH net 4/5] ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
From: Nicolas Dichtel @ 2021-12-31 15:51 UTC
To: David Ahern, netdev; +Cc: idosch, Roopa Prabhu
On 31/12/2021 at 01:36, David Ahern wrote:
> Make sure RTA_GATEWAY for IPv6 multipath route has enough bytes to hold
> an IPv6 address.
>
> Fixes: 6b9ea5a64ed5 ("ipv6: fix multipath route replace error recovery")
> Signed-off-by: David Ahern <dsahern@kernel.org>
> Cc: Roopa Prabhu <roopa@nvidia.com>
> ---
> net/ipv6/route.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index d16599c225b8..b311c0bc9983 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -5453,7 +5453,11 @@ static int ip6_route_multipath_del(struct fib6_config *cfg,
>
> nla = nla_find(attrs, attrlen, RTA_GATEWAY);
> if (nla) {
> - nla_memcpy(&r_cfg.fc_gateway, nla, 16);
> + err = fib6_gw_from_attr(&r_cfg.fc_gateway, nla,
> + extack);
> + if (err)
> + return err;
When ip6_route_del() fails, the loop continues. For consistency, maybe it could
be good to do the same for this error.
* Re: [PATCH net 3/5] ipv6: Check attribute length for RTA_GATEWAY in multipath route
From: David Ahern @ 2022-01-02 16:45 UTC
To: nicolas.dichtel, netdev; +Cc: idosch
On 12/31/21 8:30 AM, Nicolas Dichtel wrote:
> On 31/12/2021 at 01:36, David Ahern wrote:
>> Commit referenced in the Fixes tag used nla_memcpy for RTA_GATEWAY as
>> does the current nla_get_in6_addr. nla_memcpy protects against accessing
>> memory greater than what is in the attribute, but there is no check
>> requiring the attribute to have an IPv6 address. Add it.
>>
>> Fixes: 51ebd3181572 ("ipv6: add support of equal cost multipath (ECMP)")
>> Signed-off-by: David Ahern <dsahern@kernel.org>
>> Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
>> ---
>> net/ipv6/route.c | 21 ++++++++++++++++++++-
>> 1 file changed, 20 insertions(+), 1 deletion(-)
>>
> [snip]
>> @@ -5264,7 +5277,13 @@ static int ip6_route_multipath_add(struct fib6_config *cfg,
>>
>> nla = nla_find(attrs, attrlen, RTA_GATEWAY);
>> if (nla) {
>> - r_cfg.fc_gateway = nla_get_in6_addr(nla);
>> + int ret;
>> +
>> + ret = fib6_gw_from_attr(&r_cfg.fc_gateway, nla,
>> + extack);
>> + if (ret)
>> + return ret;
> A 'goto cleanup;' is needed in case of error.
good catch; will send a followup.
Thread overview: 10+ messages
2021-12-31 0:36 [PATCH net 0/5] net: Length checks for attributes within multipath routes David Ahern
2021-12-31 0:36 ` [PATCH net 1/5] ipv4: Check attribute length for RTA_GATEWAY in multipath route David Ahern
2021-12-31 0:36 ` [PATCH net 2/5] ipv4: Check attribute length for RTA_FLOW " David Ahern
2021-12-31 0:36 ` [PATCH net 3/5] ipv6: Check attribute length for RTA_GATEWAY " David Ahern
2021-12-31 15:30 ` Nicolas Dichtel
2022-01-02 16:45 ` David Ahern
2021-12-31 0:36 ` [PATCH net 4/5] ipv6: Check attribute length for RTA_GATEWAY when deleting " David Ahern
2021-12-31 15:51 ` Nicolas Dichtel
2021-12-31 0:36 ` [PATCH net 5/5] lwtunnel: Validate RTA_ENCAP_TYPE attribute length David Ahern
2021-12-31 14:40 ` [PATCH net 0/5] net: Length checks for attributes within multipath routes patchwork-bot+netdevbpf