rdisc: reject invalid prefix lengths from router advertisements

Later in NMDevice's rdisc_config_changed(), we already reject
routes with plen==0. Just do it earlier.

We would however not reject bogus routes with a prefix larger than 128.
That would later lead to an error when trying to add such a route to the
kernel.
Thomas Haller 2016-04-04 11:51:47 +02:00
parent c84d659b9b
commit c06289459f
2 changed files with 8 additions and 0 deletions


@ -158,6 +158,8 @@ receive_ra (struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
/* Device route */
r_plen = ndp_msg_opt_prefix_len (msg, offset);
if (r_plen == 0 || r_plen > 128)
continue;
nm_utils_ip6_address_clear_host_address (&r_network, ndp_msg_opt_prefix (msg, offset), r_plen);
if (ndp_msg_opt_prefix_flag_on_link (msg, offset)) {
@ -197,6 +199,9 @@ receive_ra (struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
.preference = translate_preference (ndp_msg_opt_route_preference (msg, offset)),
};
if (route.plen == 0 || route.plen > 128)
continue;
/* Routers through this particular gateway */
nm_utils_ip6_address_clear_host_address (&route.network, ndp_msg_opt_route_prefix (msg, offset), route.plen);
if (nm_rdisc_add_route (rdisc, &route))
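Review bot: The two new `continue` guards in receive_ra drop a malformed option silently, so a router advertisement with an out-of-range prefix length leaves no trace for anyone investigating a misconfigured or rogue router on the link. A debug-level log line before each `continue`, giving the option kind and the rejected length, would cover that. The guards also deserve a comment such as `/* RA options are untrusted input: ignore prefix lengths outside 1..128 before masking the address */`, since their position ahead of nm_utils_ip6_address_clear_host_address() is presumably why they sit here. The same `== 0 || > 128` test appears a third time in nm_rdisc_add_route() in the other file; a shared helper or a named constant for 128 would keep the copies from drifting apart. receive_ra's body starts and continues outside both hunks.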


@ -212,6 +212,9 @@ nm_rdisc_add_route (NMRDisc *rdisc, const NMRDiscRoute *new)
{
int i, insert_idx = -1;
if (new->plen == 0 || new->plen > 128)
return FALSE;
for (i = 0; i < rdisc->routes->len; i++) {
NMRDiscRoute *item = &g_array_index (rdisc->routes, NMRDiscRoute, i);
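Review bot: The new early `return FALSE` in nm_rdisc_add_route() gives the caller no way to tell a rejected route from any other case that returns FALSE further down, which is not visible here. That is probably acceptable for the `if (nm_rdisc_add_route (rdisc, &route))` caller in receive_ra, which already filters the same range, but the contract should be stated at the check, e.g. `/* invalid prefix length: refuse the route and report no change */`. The function body continues outside the hunk.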