Commit 24ef0da7 authored by Thomas Graf's avatar Thomas Graf Committed by YOSHIFUJI Hideaki

[IPV6] ADDRCONF: Check range of prefix length

As of now, the prefix length is not vaildated when adding or deleting
addresses. The value is passed directly into the inet6_ifaddr structure
and later passed on to memcmp() as length indicator which relies on
the value never to exceed 128 (bits).

Due to the missing check, the currently code allows for any 8 bit
value to be passed on as prefix length while using the netlink
interface, and any 32 bit value while using the ioctl interface.

[Use unsigned int instead to generate better code - yoshfuji]
Signed-off-by: default avatarThomas Graf <tgraf@suug.ch>
Signed-off-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
parent a3c96089
...@@ -2027,7 +2027,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) ...@@ -2027,7 +2027,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
* Manual configuration of address on an interface * Manual configuration of address on an interface
*/ */
static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx, static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx,
int plen, __u8 ifa_flags, __u32 prefered_lft, unsigned int plen, __u8 ifa_flags, __u32 prefered_lft,
__u32 valid_lft) __u32 valid_lft)
{ {
struct inet6_ifaddr *ifp; struct inet6_ifaddr *ifp;
...@@ -2039,6 +2039,9 @@ static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx, ...@@ -2039,6 +2039,9 @@ static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx,
ASSERT_RTNL(); ASSERT_RTNL();
if (plen > 128)
return -EINVAL;
/* check the lifetime */ /* check the lifetime */
if (!valid_lft || prefered_lft > valid_lft) if (!valid_lft || prefered_lft > valid_lft)
return -EINVAL; return -EINVAL;
...@@ -2095,12 +2098,15 @@ static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx, ...@@ -2095,12 +2098,15 @@ static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx,
} }
static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx, static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx,
int plen) unsigned int plen)
{ {
struct inet6_ifaddr *ifp; struct inet6_ifaddr *ifp;
struct inet6_dev *idev; struct inet6_dev *idev;
struct net_device *dev; struct net_device *dev;
if (plen > 128)
return -EINVAL;
dev = __dev_get_by_index(net, ifindex); dev = __dev_get_by_index(net, ifindex);
if (!dev) if (!dev)
return -ENODEV; return -ENODEV;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment