mirror of
https://github.com/torvalds/linux
synced 2024-09-20 02:57:25 +00:00
ipv6: routing header fixes
This patch fixes two bugs: 1. setsockopt() of anything but a Type 2 routing header should return EINVAL instead of EPERM. Noticed by Shan Wei (shanwei@cn.fujitsu.com). 2. setsockopt()/sendmsg() of a Type 2 routing header with invalid length or segments should return EINVAL. These values are statically fixed in RFC 3775, unlike the variable Type 0 was. Signed-off-by: Brian Haley <brian.haley@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
b2af2c1d3e
commit
6e093d9dff
|
@ -661,6 +661,11 @@ int datagram_send_ctl(struct net *net,
|
||||||
switch (rthdr->type) {
|
switch (rthdr->type) {
|
||||||
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
|
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
|
||||||
case IPV6_SRCRT_TYPE_2:
|
case IPV6_SRCRT_TYPE_2:
|
||||||
|
if (rthdr->hdrlen != 2 ||
|
||||||
|
rthdr->segments_left != 1) {
|
||||||
|
err = -EINVAL;
|
||||||
|
goto exit_f;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -366,11 +366,16 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* routing header option needs extra check */
|
/* routing header option needs extra check */
|
||||||
|
retv = -EINVAL;
|
||||||
if (optname == IPV6_RTHDR && opt && opt->srcrt) {
|
if (optname == IPV6_RTHDR && opt && opt->srcrt) {
|
||||||
struct ipv6_rt_hdr *rthdr = opt->srcrt;
|
struct ipv6_rt_hdr *rthdr = opt->srcrt;
|
||||||
switch (rthdr->type) {
|
switch (rthdr->type) {
|
||||||
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
|
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
|
||||||
case IPV6_SRCRT_TYPE_2:
|
case IPV6_SRCRT_TYPE_2:
|
||||||
|
if (rthdr->hdrlen != 2 ||
|
||||||
|
rthdr->segments_left != 1)
|
||||||
|
goto sticky_done;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
default:
|
default:
|
||||||
|
|
Loading…
Reference in a new issue