1. 16 Feb, 2018 2 commits
    • Stefano Brivio's avatar
      fib_semantics: Don't match route with mismatching tclassid · a8c6db1d
      Stefano Brivio authored
      In fib_nh_match(), if output interface or gateway are passed in
      the FIB configuration, we don't have to check next hops of
      multipath routes to conclude whether we have a match or not.
      
      However, we might still have routes with different realms
      matching the same output interface and gateway configuration,
      and this needs to cause the match to fail. Otherwise the first
      route inserted in the FIB will match, regardless of the realms:
      
       # ip route add 1.1.1.1 dev eth0 table 1234 realms 1/2
       # ip route append 1.1.1.1 dev eth0 table 1234 realms 3/4
       # ip route list table 1234
       1.1.1.1 dev eth0 scope link realms 1/2
       1.1.1.1 dev eth0 scope link realms 3/4
       # ip route del 1.1.1.1 dev ens3 table 1234 realms 3/4
       # ip route list table 1234
       1.1.1.1 dev ens3 scope link realms 3/4
      
      whereas route with realms 3/4 should have been deleted instead.
      
      Explicitly check for fc_flow passed in the FIB configuration
      (this comes from RTA_FLOW extracted by rtm_to_fib_config()) and
      fail matching if it differs from nh_tclassid.
      
      The handling of RTA_FLOW for multipath routes later in
      fib_nh_match() is still needed, as we can have multiple RTA_FLOW
      attributes that need to be matched against the tclassid of each
      next hop.
      
      v2: Check that fc_flow is set before discarding the match, so
          that the user can still select the first matching rule by
          not specifying any realm, as suggested by David Ahern.
      Reported-by: default avatarJianlin Shi <jishi@redhat.com>
      Signed-off-by: default avatarStefano Brivio <sbrivio@redhat.com>
      Acked-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a8c6db1d
    • Kees Cook's avatar
      NFC: llcp: Limit size of SDP URI · fe9c8426
      Kees Cook authored
      The tlv_len is u8, so we need to limit the size of the SDP URI. Enforce
      this both in the NLA policy and in the code that performs the allocation
      and copy, to avoid writing past the end of the allocated buffer.
      
      Fixes: d9b8d8e1 ("NFC: llcp: Service Name Lookup netlink interface")
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fe9c8426
  2. 14 Feb, 2018 24 commits
  3. 13 Feb, 2018 7 commits
  4. 12 Feb, 2018 7 commits