From: mpi <mpi@openbsd.org>
Date: Mon, 11 Aug 2014 11:59:05 +0000 (+0000)
Subject: Put back the checks about RTF_LOCAL routes now that userland tools are
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e878bfdfef0bd4c3fe7c129febf646283cdc261b;p=openbsd

Put back the checks about RTF_LOCAL routes now that userland tools are
aware of them.

Original commit message was:

Reserve the highest route priority for kernel-managed routes and prevent
userland from playing with the local and broadcast flags.

ok claudio@
---

diff --git a/sys/net/route.c b/sys/net/route.c
index a8b6dd36433..4ff77ef9ab8 100644
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: route.c,v 1.175 2014/07/29 12:18:41 mpi Exp $	*/
+/*	$OpenBSD: route.c,v 1.176 2014/08/11 11:59:05 mpi Exp $	*/
 /*	$NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $	*/
 
 /*
@@ -787,6 +787,14 @@ rtrequest1(int req, struct rt_addrinfo *info, u_int8_t prio,
 		}
 #endif
 
+		/*
+		 * Since RTP_LOCAL cannot be set by userland, make
+		 * sure that local routes are only modified by the
+		 * kernel.
+		 */
+		if (rt->rt_flags & RTF_LOCAL && prio != RTP_LOCAL)
+			senderr(EINVAL);
+
 		if ((rn = rnh->rnh_deladdr(info->rti_info[RTAX_DST],
 		    info->rti_info[RTAX_NETMASK], rnh, rn)) == NULL)
 			senderr(ESRCH);
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 6ac074a7421..943ad8a8261 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtsock.c,v 1.150 2014/07/29 12:18:41 mpi Exp $	*/
+/*	$OpenBSD: rtsock.c,v 1.151 2014/08/11 11:59:05 mpi Exp $	*/
 /*	$NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $	*/
 
 /*
@@ -533,13 +533,20 @@ route_output(struct mbuf *m, ...)
 	}
 
 
+	/* Do not let userland play with kernel-only flags. */
+	if ((rtm->rtm_flags & (RTF_LOCAL|RTF_BROADCAST)) != 0) {
+		error = EINVAL;
+		goto fail;
+	}
+
 	/* make sure that kernel-only bits are not set */
 	rtm->rtm_priority &= RTP_MASK;
 	rtm->rtm_flags &= ~(RTF_DONE|RTF_CLONED);
 	rtm->rtm_fmask &= RTF_FMASK;
 
 	if (rtm->rtm_priority != 0) {
-		if (rtm->rtm_priority > RTP_MAX) {
+		if (rtm->rtm_priority > RTP_MAX ||
+		    rtm->rtm_priority == RTP_LOCAL) {
 			error = EINVAL;
 			goto fail;
 		}