Commit 14df015b authored by Matti Vaittinen's avatar Matti Vaittinen Committed by David S. Miller

IPV6 Fix a crash when trying to replace non existing route

This patch fixes a crash when non existing IPv6 route is tried to be changed.

When new destination node was inserted in middle of FIB6 tree, no relevant
sanity checks were performed. Later route insertion might have been prevented
due to invalid request, causing node with no rt info being left in tree.
When this node was accessed, a crash occurred.

Patch adds missing checks in fib6_add_1()
Signed-off-by: default avatarMatti Vaittinen <Mazziesaccount@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8f5f6982
...@@ -449,9 +449,15 @@ static struct fib6_node * fib6_add_1(struct fib6_node *root, void *addr, ...@@ -449,9 +449,15 @@ static struct fib6_node * fib6_add_1(struct fib6_node *root, void *addr,
*/ */
if (plen < fn->fn_bit || if (plen < fn->fn_bit ||
!ipv6_prefix_equal(&key->addr, addr, fn->fn_bit)) { !ipv6_prefix_equal(&key->addr, addr, fn->fn_bit)) {
if (!allow_create) if (!allow_create) {
if (replace_required) {
printk(KERN_WARNING
"IPv6: Can't replace route, no match found\n");
return ERR_PTR(-ENOENT);
}
printk(KERN_WARNING printk(KERN_WARNING
"IPv6: NLM_F_CREATE should be set when creating new route\n"); "IPv6: NLM_F_CREATE should be set when creating new route\n");
}
goto insert_above; goto insert_above;
} }
...@@ -482,7 +488,7 @@ static struct fib6_node * fib6_add_1(struct fib6_node *root, void *addr, ...@@ -482,7 +488,7 @@ static struct fib6_node * fib6_add_1(struct fib6_node *root, void *addr,
fn = dir ? fn->right: fn->left; fn = dir ? fn->right: fn->left;
} while (fn); } while (fn);
if (replace_required && !allow_create) { if (!allow_create) {
/* We should not create new node because /* We should not create new node because
* NLM_F_REPLACE was specified without NLM_F_CREATE * NLM_F_REPLACE was specified without NLM_F_CREATE
* I assume it is safe to require NLM_F_CREATE when * I assume it is safe to require NLM_F_CREATE when
...@@ -492,16 +498,17 @@ static struct fib6_node * fib6_add_1(struct fib6_node *root, void *addr, ...@@ -492,16 +498,17 @@ static struct fib6_node * fib6_add_1(struct fib6_node *root, void *addr,
* MUST be specified if new route is created. * MUST be specified if new route is created.
* That would keep IPv6 consistent with IPv4 * That would keep IPv6 consistent with IPv4
*/ */
if (replace_required) {
printk(KERN_WARNING printk(KERN_WARNING
"IPv6: NLM_F_CREATE should be set when creating new route - ignoring request\n"); "IPv6: Can't replace route, no match found\n");
return ERR_PTR(-ENOENT); return ERR_PTR(-ENOENT);
} }
printk(KERN_WARNING "IPv6: NLM_F_CREATE should be set when creating new route\n");
}
/* /*
* We walked to the bottom of tree. * We walked to the bottom of tree.
* Create new leaf node without children. * Create new leaf node without children.
*/ */
if (!allow_create)
printk(KERN_WARNING "IPv6: NLM_F_CREATE should be set when creating new route\n");
ln = node_alloc(); ln = node_alloc();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment