Commit 187e3838 authored by YOSHIFUJI Hideaki's avatar YOSHIFUJI Hideaki

[IPV6]: Check outgoing interface even if source address is unspecified.

The outgoing interface index (ipi6_ifindex) in IPV6_PKTINFO
ancillary data, is not checked if the source address (ipi6_addr)
is unspecified.  If the ipi6_ifindex is the not-exist interface,
it should be fail.

Based on patch from Shan Wei <shanwei@cn.fujitsu.com> and
Brian Haley <brian.haley@hp.com>.
Signed-off-by: default avatarShan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: default avatarBrian Haley <brian.haley@hp.com>
Signed-off-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
parent 95b496b6
...@@ -509,7 +509,6 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl, ...@@ -509,7 +509,6 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
int addr_type; int addr_type;
struct net_device *dev = NULL;
if (!CMSG_OK(msg, cmsg)) { if (!CMSG_OK(msg, cmsg)) {
err = -EINVAL; err = -EINVAL;
...@@ -522,6 +521,9 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl, ...@@ -522,6 +521,9 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
switch (cmsg->cmsg_type) { switch (cmsg->cmsg_type) {
case IPV6_PKTINFO: case IPV6_PKTINFO:
case IPV6_2292PKTINFO: case IPV6_2292PKTINFO:
{
struct net_device *dev = NULL;
if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) { if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) {
err = -EINVAL; err = -EINVAL;
goto exit_f; goto exit_f;
...@@ -535,32 +537,32 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl, ...@@ -535,32 +537,32 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
fl->oif = src_info->ipi6_ifindex; fl->oif = src_info->ipi6_ifindex;
} }
addr_type = ipv6_addr_type(&src_info->ipi6_addr); addr_type = __ipv6_addr_type(&src_info->ipi6_addr);
if (addr_type == IPV6_ADDR_ANY)
break;
if (addr_type & IPV6_ADDR_LINKLOCAL) { if (fl->oif) {
if (!src_info->ipi6_ifindex) dev = dev_get_by_index(&init_net, fl->oif);
return -EINVAL;
else {
dev = dev_get_by_index(&init_net, src_info->ipi6_ifindex);
if (!dev) if (!dev)
return -ENODEV; return -ENODEV;
} } else if (addr_type & IPV6_ADDR_LINKLOCAL)
} return -EINVAL;
if (addr_type != IPV6_ADDR_ANY) {
int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
if (!ipv6_chk_addr(&init_net, &src_info->ipi6_addr, if (!ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
dev, 0)) { strict ? dev : NULL, 0))
if (dev)
dev_put(dev);
err = -EINVAL; err = -EINVAL;
goto exit_f; else
ipv6_addr_copy(&fl->fl6_src, &src_info->ipi6_addr);
} }
if (dev) if (dev)
dev_put(dev); dev_put(dev);
ipv6_addr_copy(&fl->fl6_src, &src_info->ipi6_addr); if (err)
goto exit_f;
break; break;
}
case IPV6_FLOWINFO: case IPV6_FLOWINFO:
if (cmsg->cmsg_len < CMSG_LEN(4)) { if (cmsg->cmsg_len < CMSG_LEN(4)) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment