Skip to content

B
babeld
Commit a6243674 authored by Juliusz Chroboczek's avatar Juliusz Chroboczek
Browse files
Options

Protect against weird data coming from kernel.

parent d59287f6
Show whitespace changes
Inline Side-by-side
Showing with 15 additions and 11 deletions
kernel.c
View file @ a6243674
...@@ -636,7 +636,7 @@ kernel_route(int operation, const unsigned char *dest, unsigned short plen, ...@@ -636,7 +636,7 @@ kernel_route(int operation, const unsigned char *dest, unsigned short plen,
static int static int
parse_kernel_route_rta(struct rtmsg *rtm, int len, struct kernel_route *route) parse_kernel_route_rta(struct rtmsg *rtm, int len, struct kernel_route *route)
{ {
int table = RT_TABLE_MAIN;
struct rtattr *rta= RTM_RTA(rtm);; struct rtattr *rta= RTM_RTA(rtm);;
len -= NLMSG_ALIGN(sizeof(*rtm)); len -= NLMSG_ALIGN(sizeof(*rtm));
...@@ -659,10 +659,12 @@ parse_kernel_route_rta(struct rtmsg *rtm, int len, struct kernel_route *route) ...@@ -659,10 +659,12 @@ parse_kernel_route_rta(struct rtmsg *rtm, int len, struct kernel_route *route)
break; break;
case RTA_PRIORITY: case RTA_PRIORITY:
route->metric = *(int*)RTA_DATA(rta); route->metric = *(int*)RTA_DATA(rta);
if(route->metric < 0 || route->metric > KERNEL_INFINITY)
route->metric = KERNEL_INFINITY;
break; break;
#ifdef RTA_TABLE #ifdef RTA_TABLE
case RTA_TABLE: case RTA_TABLE:
*table = *(int*)RTA_DATA(rta); table = *(int*)RTA_DATA(rta);
break; break;
#endif #endif
default: default:
...@@ -671,10 +673,9 @@ parse_kernel_route_rta(struct rtmsg *rtm, int len, struct kernel_route *route) ...@@ -671,10 +673,9 @@ parse_kernel_route_rta(struct rtmsg *rtm, int len, struct kernel_route *route)
rta = RTA_NEXT(rta, len); rta = RTA_NEXT(rta, len);
} }
route->metric = MIN(route->metric, KERNEL_INFINITY); if(table != RT_TABLE_MAIN)
// TODO Error handling ?? len != 0 return -1;
return 0; return 0;
} }
static void static void
...@@ -703,7 +704,7 @@ print_kernel_route(int add, int protocol, int type, ...@@ -703,7 +704,7 @@ print_kernel_route(int add, int protocol, int type,
static int static int
monitor_kernel_route(struct nlmsghdr *nh, void *data) monitor_kernel_route(struct nlmsghdr *nh, void *data)
{ {
int rc;
struct kernel_route route; struct kernel_route route;
int len = nh->nlmsg_len; int len = nh->nlmsg_len;
...@@ -719,7 +720,8 @@ monitor_kernel_route(struct nlmsghdr *nh, void *data) ...@@ -719,7 +720,8 @@ monitor_kernel_route(struct nlmsghdr *nh, void *data)
return 0; return 0;
if(debug >= 2) { if(debug >= 2) {
parse_kernel_route_rta(rtm, len, &route); rc = parse_kernel_route_rta(rtm, len, &route);
if(rc >= 0)
print_kernel_route(nh->nlmsg_type, rtm->rtm_protocol, print_kernel_route(nh->nlmsg_type, rtm->rtm_protocol,
rtm->rtm_type, &route); rtm->rtm_type, &route);
} }
...@@ -730,7 +732,7 @@ monitor_kernel_route(struct nlmsghdr *nh, void *data) ...@@ -730,7 +732,7 @@ monitor_kernel_route(struct nlmsghdr *nh, void *data)
static int static int
filter_kernel_routes(struct nlmsghdr *nh, void *data) filter_kernel_routes(struct nlmsghdr *nh, void *data)
{ {
int rc;
void **args = (void**)data; void **args = (void**)data;
int maxplen = *(int*)args[0]; int maxplen = *(int*)args[0];
int maxroutes = *(int*)args[1]; int maxroutes = *(int*)args[1];
...@@ -762,7 +764,9 @@ filter_kernel_routes(struct nlmsghdr *nh, void *data) ...@@ -762,7 +764,9 @@ filter_kernel_routes(struct nlmsghdr *nh, void *data)
if(rtm->rtm_table != RT_TABLE_MAIN) if(rtm->rtm_table != RT_TABLE_MAIN)
return 0; return 0;
parse_kernel_route_rta(rtm, len, &routes[*found]); rc = parse_kernel_route_rta(rtm, len, &routes[*found]);
if(rc < 0)
return 0;
if(rtm->rtm_dst_len >= 8 && if(rtm->rtm_dst_len >= 8 &&
(routes[*found].prefix[0] == 0xFF || routes[*found].prefix[0] == 0)) (routes[*found].prefix[0] == 0xFF || routes[*found].prefix[0] == 0))
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7