Skip to content

Commit

Permalink
make sure that route_output() does not override routing/ifaddr entrie…
Browse files Browse the repository at this point in the history 
…s due

to filtering for IPv6 scoped addresses.
  • Loading branch information
jinmei committed Aug 12, 2005
1 parent 46357c1 commit 6a13a06
Show file tree
Hide file tree
Showing 2 changed files with 58 additions and 34 deletions.
46 changes: 29 additions & 17 deletions netbsd/sys/net/rtsock.c
View file
Expand Up @@ -221,7 +221,7 @@ route_output(m, va_alist)
struct rtentry *rt = 0; struct rtentry *rt = 0;
struct rtentry *saved_nrt = 0; struct rtentry *saved_nrt = 0;
struct radix_node_head *rnh; struct radix_node_head *rnh;
struct rt_addrinfo info; struct rt_addrinfo info, oinfo, *infop = NULL;
int len, error = 0; int len, error = 0;
struct ifnet *ifp = 0; struct ifnet *ifp = 0;
struct ifaddr *ifa = 0; struct ifaddr *ifa = 0;
Expand Down Expand Up @@ -257,6 +257,7 @@ route_output(m, va_alist)
} }
rtm->rtm_pid = curproc->p_pid; rtm->rtm_pid = curproc->p_pid;
memset(&info, 0, sizeof(info)); memset(&info, 0, sizeof(info));
infop = &info;
info.rti_addrs = rtm->rtm_addrs; info.rti_addrs = rtm->rtm_addrs;
if (rt_xaddrs((caddr_t)(rtm + 1), len + (caddr_t)rtm, &info)) if (rt_xaddrs((caddr_t)(rtm + 1), len + (caddr_t)rtm, &info))
senderr(EINVAL); senderr(EINVAL);
Expand Down Expand Up @@ -284,6 +285,10 @@ route_output(m, va_alist)
suser(curproc->p_ucred, &curproc->p_acflag) != 0) suser(curproc->p_ucred, &curproc->p_acflag) != 0)
senderr(EACCES); senderr(EACCES);


/* Remember the original array for possible filtering below */
oinfo = info;
infop = &oinfo;

switch (rtm->rtm_type) { switch (rtm->rtm_type) {


case RTM_ADD: case RTM_ADD:
Expand Down Expand Up @@ -385,6 +390,8 @@ route_output(m, va_alist)
} }
(void)rt_msg2(rtm->rtm_type, &info, (caddr_t)rtm, (void)rt_msg2(rtm->rtm_type, &info, (caddr_t)rtm,
(struct walkarg *)0, 0); (struct walkarg *)0, 0);
/* rt_msg2() did the filtering, so we don't have to */
infop = NULL;
rtm->rtm_flags = rt->rt_flags; rtm->rtm_flags = rt->rt_flags;
rtm->rtm_rmx = rt->rt_rmx; rtm->rtm_rmx = rt->rt_rmx;
rtm->rtm_addrs = info.rti_addrs; rtm->rtm_addrs = info.rti_addrs;
Expand Down Expand Up @@ -471,23 +478,28 @@ route_output(m, va_alist)
} }
if (rtm) { if (rtm) {
#ifdef INET6 #ifdef INET6
int i; if (infop != NULL) {

int i;
/* Special filter for IPv6 scoped addresses (see rtmsg1()) */
for (i = 0; i < RTAX_MAX; i++) {
struct sockaddr *sa;



if ((sa = info.rti_info[i]) == NULL) /*
continue; * Special filter for IPv6 scoped addresses
if ((char *)sa + sa->sa_len <= * (see rtmsg1())
(char *)rtm + rtm->rtm_msglen && */
sa->sa_len == sizeof(struct sockaddr_in6) && for (i = 0; i < RTAX_MAX; i++) {
sa->sa_family == AF_INET6) { struct sockaddr *sa;
struct sockaddr_in6 *sa6;

if ((sa = info.rti_info[i]) == NULL)
sa6 = (struct sockaddr_in6 *)sa; continue;
(void)sa6_recoverscope(sa6); if ((char *)sa + sa->sa_len <=
(char *)rtm + rtm->rtm_msglen &&
sa->sa_len ==
sizeof(struct sockaddr_in6) &&
sa->sa_family == AF_INET6) {
struct sockaddr_in6 *sa6;

sa6 = (struct sockaddr_in6 *)sa;
(void)sa6_recoverscope(sa6);
}
} }
} }
#endif #endif
Expand Down
46 changes: 29 additions & 17 deletions openbsd/sys/net/rtsock.c
View file
Expand Up @@ -184,7 +184,7 @@ route_output(struct mbuf *m, ...)
struct rtentry *rt = NULL; struct rtentry *rt = NULL;
struct rtentry *saved_nrt = NULL; struct rtentry *saved_nrt = NULL;
struct radix_node_head *rnh; struct radix_node_head *rnh;
struct rt_addrinfo info; struct rt_addrinfo info, oinfo, *infop = NULL;
int len, error = 0; int len, error = 0;
struct ifnet *ifp = NULL; struct ifnet *ifp = NULL;
struct ifaddr *ifa = NULL; struct ifaddr *ifa = NULL;
Expand Down Expand Up @@ -225,6 +225,7 @@ route_output(struct mbuf *m, ...)
rtm->rtm_pid = curproc->p_pid; rtm->rtm_pid = curproc->p_pid;


bzero(&info, sizeof(info)); bzero(&info, sizeof(info));
infop = &info;
info.rti_addrs = rtm->rtm_addrs; info.rti_addrs = rtm->rtm_addrs;
rt_xaddrs((caddr_t)(rtm + 1), len + (caddr_t)rtm, &info); rt_xaddrs((caddr_t)(rtm + 1), len + (caddr_t)rtm, &info);
info.rti_flags = rtm->rtm_flags; info.rti_flags = rtm->rtm_flags;
Expand Down Expand Up @@ -256,6 +257,10 @@ route_output(struct mbuf *m, ...)
goto flush; goto flush;
} }


/* Remember the original array for possible filtering below */
oinfo = info;
infop = &oinfo;

switch (rtm->rtm_type) { switch (rtm->rtm_type) {
case RTM_ADD: case RTM_ADD:
if (gate == 0) { if (gate == 0) {
Expand Down Expand Up @@ -369,6 +374,8 @@ route_output(struct mbuf *m, ...)
Free(rtm); rtm = new_rtm; Free(rtm); rtm = new_rtm;
} }
rt_msg2(rtm->rtm_type, &info, (caddr_t)rtm, NULL); rt_msg2(rtm->rtm_type, &info, (caddr_t)rtm, NULL);
/* rt_msg2() did the filtering, so we don't have to */
infop = NULL;
rtm->rtm_flags = rt->rt_flags; rtm->rtm_flags = rt->rt_flags;
rt_getmetrics(&rt->rt_rmx, &rtm->rtm_rmx); rt_getmetrics(&rt->rt_rmx, &rtm->rtm_rmx);
rtm->rtm_addrs = info.rti_addrs; rtm->rtm_addrs = info.rti_addrs;
Expand Down Expand Up @@ -455,23 +462,28 @@ route_output(struct mbuf *m, ...)
route_proto.sp_protocol = dst->sa_family; route_proto.sp_protocol = dst->sa_family;
if (rtm) { if (rtm) {
#ifdef INET6 #ifdef INET6
int i; if (infop != NULL) {

int i;
/* Special filter for IPv6 scoped addresses (see rtmsg1()) */
for (i = 0; i < RTAX_MAX; i++) {
struct sockaddr *sa;



if ((sa = info.rti_info[i]) == NULL) /*
continue; * Special filter for IPv6 scoped addresses
if ((char *)sa + sa->sa_len <= * (see rtmsg1())
(char *)rtm + rtm->rtm_msglen && */
sa->sa_len == sizeof(struct sockaddr_in6) && for (i = 0; i < RTAX_MAX; i++) {
sa->sa_family == AF_INET6) { struct sockaddr *sa;
struct sockaddr_in6 *sa6;

if ((sa = info.rti_info[i]) == NULL)
sa6 = (struct sockaddr_in6 *)sa; continue;
(void)sa6_recoverscope(sa6); if ((char *)sa + sa->sa_len <=
(char *)rtm + rtm->rtm_msglen &&
sa->sa_len ==
sizeof(struct sockaddr_in6) &&
sa->sa_family == AF_INET6) {
struct sockaddr_in6 *sa6;

sa6 = (struct sockaddr_in6 *)sa;
(void)sa6_recoverscope(sa6);
}
} }
} }
#endif #endif
Expand Down

0 comments on commit 6a13a06

Please sign in to comment.