ipv6/addrconf: only check invalid header values when NETLINK_F_STRICT_CHK is set
authorHangbin Liu <liuhangbin@gmail.com>
Wed, 11 Dec 2019 14:20:16 +0000 (22:20 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 4 Jan 2020 18:19:17 +0000 (19:19 +0100)
[ Upstream commit 2beb6d2901a3f73106485d560c49981144aeacb1 ]

In commit 4b1373de73a3 ("net: ipv6: addr: perform strict checks also for
doit handlers") we add strict check for inet6_rtm_getaddr(). But we did
the invalid header values check before checking if NETLINK_F_STRICT_CHK
is set. This may break backwards compatibility if user already set the
ifm->ifa_prefixlen, ifm->ifa_flags, ifm->ifa_scope in their netlink code.

I didn't move the nlmsg_len check because I thought it's a valid check.

Reported-by: Jianlin Shi <jishi@redhat.com>
Fixes: 4b1373de73a3 ("net: ipv6: addr: perform strict checks also for doit handlers")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/ipv6/addrconf.c

index 34ccef18b40e60e283a63c18102fef8b927cbfaf..f9b5690e94fd4454d9e8f2d4aa35a0cc40aad816 100644 (file)
@@ -5231,16 +5231,16 @@ static int inet6_rtm_valid_getaddr_req(struct sk_buff *skb,
                return -EINVAL;
        }
 
+       if (!netlink_strict_get_check(skb))
+               return nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
+                                             ifa_ipv6_policy, extack);
+
        ifm = nlmsg_data(nlh);
        if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
                NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for get address request");
                return -EINVAL;
        }
 
-       if (!netlink_strict_get_check(skb))
-               return nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
-                                             ifa_ipv6_policy, extack);
-
        err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
                                            ifa_ipv6_policy, extack);
        if (err)
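Review bot: The early return added above `ifm = nlmsg_data(nlh);` has no comment explaining why the non-strict path skips the header-value check, so a later cleanup could hoist the check again and reintroduce the compatibility break. A comment above `if (!netlink_strict_get_check(skb))` would record the intent, for example `/* Legacy requesters may send non-zero ifa_prefixlen/ifa_flags/ifa_scope; reject them only under NETLINK_F_STRICT_CHK. */`. On the legacy path those three header fields are now accepted unvalidated, so whatever consumes the request should presumably not act on them; the caller is not visible in this hunk. The body of inet6_rtm_valid_getaddr_req starts and ends outside the hunk.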