From: bluhm <bluhm@openbsd.org>
Date: Fri, 23 Oct 2015 13:41:41 +0000 (+0000)
Subject: It was possible to create a gateway route pointing to another gateway
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2d047e49b70167f121acceb99d99d7cc45d94670;p=openbsd

It was possible to create a gateway route pointing to another gateway
route by changing the gateway.  Despite the error message when doing
so, the route did actually change.  The gateway is modified by
rt_setgate(), the error is created by rt_getifa().  Do these
operations the other way around.
OK mpi@
---

diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 12d963e4dec..8c81e1ba251 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtsock.c,v 1.174 2015/10/23 10:22:29 claudio Exp $	*/
+/*	$OpenBSD: rtsock.c,v 1.175 2015/10/23 13:41:41 bluhm Exp $	*/
 /*	$NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $	*/
 
 /*
@@ -747,14 +747,11 @@ report:
 				    info.rti_info[RTAX_GATEWAY]->sa_len)) {
 					newgate = 1;
 				}
-			if (info.rti_info[RTAX_GATEWAY] != NULL &&
-			    (error = rt_setgate(rt, info.rti_info[RTAX_GATEWAY],
-			     tableid)))
-				goto flush;
 			/*
-			 * new gateway could require new ifaddr, ifp;
+			 * Check reachable gateway before changing the route.
+			 * New gateway could require new ifaddr, ifp;
 			 * flags may also be different; ifp may be specified
-			 * by ll sockaddr when protocol address is ambiguous
+			 * by ll sockaddr when protocol address is ambiguous.
 			 */
 			if (newgate || info.rti_info[RTAX_IFP] != NULL ||
 			    info.rti_info[RTAX_IFA] != NULL) {
@@ -762,6 +759,10 @@ report:
 					goto flush;
 				ifa = info.rti_ifa;
 			}
+			if (info.rti_info[RTAX_GATEWAY] != NULL &&
+			    (error = rt_setgate(rt, info.rti_info[RTAX_GATEWAY],
+			     tableid)))
+				goto flush;
 			if (ifa) {
 				if (rt->rt_ifa != ifa) {
 					if (rt->rt_ifa->ifa_rtrequest)