iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ipv4: Check attribute length for RTA_FLOW in multipath route

Browse Source 
commit 664b9c4b7392ce723b013201843264bf95481ce5 upstream.

Make sure RTA_FLOW is at least 4B before using.

Fixes: 4e902c57417c ("[IPv4]: FIB configuration using struct fib_config")
Signed-off-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
David Ahern 2021-12-30 17:36:32 -07:00 committed by Greg Kroah-Hartman
parent 125d91f072
commit 34224e936a
1 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
net/ipv4/fib_semantics.c
View File

@ -723,8 +723,13 @@ static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh,
}
nla = nla_find(attrs, attrlen, RTA_FLOW);
if (nla)
if (nla) {
if (nla_len(nla) < sizeof(u32)) {
NL_SET_ERR_MSG(extack, "Invalid RTA_FLOW");
return -EINVAL;
}
fib_cfg.fc_flow = nla_get_u32(nla);
}
fib_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
@ -955,8 +960,14 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi,
#ifdef CONFIG_IP_ROUTE_CLASSID
nla = nla_find(attrs, attrlen, RTA_FLOW);
if (nla && nla_get_u32(nla) != nh->nh_tclassid)
return 1;
if (nla) {
if (nla_len(nla) < sizeof(u32)) {
NL_SET_ERR_MSG(extack, "Invalid RTA_FLOW");
return -EINVAL;
}
if (nla_get_u32(nla) != nh->nh_tclassid)
return 1;
}
#endif
}