artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 656dd4d)
Put back the checks about RTF_LOCAL routes now that userland tools are
authormpi <mpi@openbsd.org>
Mon, 11 Aug 2014 11:59:05 +0000 (11:59 +0000)
committermpi <mpi@openbsd.org>
Mon, 11 Aug 2014 11:59:05 +0000 (11:59 +0000)
aware of them.

Original commit message was:

Reserve the highest route priority for kernel-managed routes and prevent
userland from playing with the local and broadcast flags.

ok claudio@

sys/net/route.c patch | blob | history
sys/net/rtsock.c patch | blob | history

diff --git a/sys/net/route.c b/sys/net/route.c
index a8b6dd3..4ff77ef 100644 (file)
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: route.c,v 1.175 2014/07/29 12:18:41 mpi Exp $ */
+/*     $OpenBSD: route.c,v 1.176 2014/08/11 11:59:05 mpi Exp $ */
 /*     $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $      */
 
 /*
@@ -787,6 +787,14 @@ rtrequest1(int req, struct rt_addrinfo *info, u_int8_t prio,
                }
 #endif
 
+               /*
+                * Since RTP_LOCAL cannot be set by userland, make
+                * sure that local routes are only modified by the
+                * kernel.
+                */
+               if (rt->rt_flags & RTF_LOCAL && prio != RTP_LOCAL)
+                       senderr(EINVAL);
+
                if ((rn = rnh->rnh_deladdr(info->rti_info[RTAX_DST],
                    info->rti_info[RTAX_NETMASK], rnh, rn)) == NULL)
                        senderr(ESRCH);
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 6ac074a..943ad8a 100644 (file)
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rtsock.c,v 1.150 2014/07/29 12:18:41 mpi Exp $        */
+/*     $OpenBSD: rtsock.c,v 1.151 2014/08/11 11:59:05 mpi Exp $        */
 /*     $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $  */
 
 /*
@@ -533,13 +533,20 @@ route_output(struct mbuf *m, ...)
        }
 
 
+       /* Do not let userland play with kernel-only flags. */
+       if ((rtm->rtm_flags & (RTF_LOCAL|RTF_BROADCAST)) != 0) {
+               error = EINVAL;
+               goto fail;
+       }
+
        /* make sure that kernel-only bits are not set */
        rtm->rtm_priority &= RTP_MASK;
        rtm->rtm_flags &= ~(RTF_DONE|RTF_CLONED);
        rtm->rtm_fmask &= RTF_FMASK;
 
        if (rtm->rtm_priority != 0) {
-               if (rtm->rtm_priority > RTP_MAX) {
+               if (rtm->rtm_priority > RTP_MAX ||
+                   rtm->rtm_priority == RTP_LOCAL) {
                        error = EINVAL;
                        goto fail;
                }
OpenBSD src
by Ahmet Artu Yildirim