Commit 0a33d62a authored by Julian Anastasov's avatar Julian Anastasov Committed by Greg Kroah-Hartman

ipv4: add missing initialization for flowi4_uid

[ Upstream commit 8bcfd092 ]

Avoid matching of random stack value for uid when rules
are looked up on input route or when RP filter is used.
Problem should affect only setups that use ip rules with
uid range.

Fixes: 622ec2c9 ("net: core: add UID to flows, rules, and routes")
Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 2b5a48d6
...@@ -319,7 +319,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, ...@@ -319,7 +319,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
int ret, no_addr; int ret, no_addr;
struct fib_result res; struct fib_result res;
struct flowi4 fl4; struct flowi4 fl4;
struct net *net; struct net *net = dev_net(dev);
bool dev_match; bool dev_match;
fl4.flowi4_oif = 0; fl4.flowi4_oif = 0;
...@@ -332,6 +332,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, ...@@ -332,6 +332,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
fl4.flowi4_scope = RT_SCOPE_UNIVERSE; fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
fl4.flowi4_tun_key.tun_id = 0; fl4.flowi4_tun_key.tun_id = 0;
fl4.flowi4_flags = 0; fl4.flowi4_flags = 0;
fl4.flowi4_uid = sock_net_uid(net, NULL);
no_addr = idev->ifa_list == NULL; no_addr = idev->ifa_list == NULL;
...@@ -339,13 +340,12 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, ...@@ -339,13 +340,12 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
trace_fib_validate_source(dev, &fl4); trace_fib_validate_source(dev, &fl4);
net = dev_net(dev);
if (fib_lookup(net, &fl4, &res, 0)) if (fib_lookup(net, &fl4, &res, 0))
goto last_resort; goto last_resort;
if (res.type != RTN_UNICAST && if (res.type != RTN_UNICAST &&
(res.type != RTN_LOCAL || !IN_DEV_ACCEPT_LOCAL(idev))) (res.type != RTN_LOCAL || !IN_DEV_ACCEPT_LOCAL(idev)))
goto e_inval; goto e_inval;
if (!rpf && !fib_num_tclassid_users(dev_net(dev)) && if (!rpf && !fib_num_tclassid_users(net) &&
(dev->ifindex != oif || !IN_DEV_TX_REDIRECTS(idev))) (dev->ifindex != oif || !IN_DEV_TX_REDIRECTS(idev)))
goto last_resort; goto last_resort;
fib_combine_itag(itag, &res); fib_combine_itag(itag, &res);
......
...@@ -1858,6 +1858,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, ...@@ -1858,6 +1858,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
fl4.flowi4_flags = 0; fl4.flowi4_flags = 0;
fl4.daddr = daddr; fl4.daddr = daddr;
fl4.saddr = saddr; fl4.saddr = saddr;
fl4.flowi4_uid = sock_net_uid(net, NULL);
err = fib_lookup(net, &fl4, &res, 0); err = fib_lookup(net, &fl4, &res, 0);
if (err != 0) { if (err != 0) {
if (!IN_DEV_FORWARD(in_dev)) if (!IN_DEV_FORWARD(in_dev))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment