Home Explore Help
Register Sign In
FreifunkHochstift
/
gluon
6
0
Fork 0
Files Issues 0 Pull Requests 0
Tree: 04818c170b
Branches Tags
gluon
/
patches
/
openwrt
/
0010-ipv6-fix-crash-on-ICMPv6-redirects-with-prohibited-blackholed-source.patch

0010-ipv6-fix-crash-on-ICMPv6-redirects-with-prohibited-blackholed-source.patch 2.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. From: Matthias Schiffer <mschiffer@universe-factory.net>
    2. 

  2. Date: Mon, 2 Nov 2015 02:02:02 +0100
    3. 

  3. Subject: ipv6: fix crash on ICMPv6 redirects with prohibited/blackholed source
    4. 

  4. 

  5. There are other error values besides ip6_null_entry that can be returned by
    6. 

  6. ip6_route_redirect(): fib6_rule_action() can also result in
    7. 

  7. ip6_blk_hole_entry and ip6_prohibit_entry if such ip rules are installed.
    8. 

  8. 

  9. Only checking for ip6_null_entry in rt6_do_redirect() causes ip6_ins_rt()
    10. 

  10. to be called with rt->rt6i_table == NULL in these cases, making the kernel
    11. 

  11. crash.
    12. 

  12. 

  13. diff --git a/target/linux/generic/patches-3.18/672-ipv6-fix-crash-on-ICMPv6-redirects-with-prohibited-blackholed-source.patch b/target/linux/generic/patches-3.18/672-ipv6-fix-crash-on-ICMPv6-redirects-with-prohibited-blackholed-source.patch
    14. 

  14. new file mode 100644
    15. 

  15. index 0000000000000000000000000000000000000000..6e4b3da3ad820e789f57df71b33ccfc5eaead01e
    16. 

  16. --- /dev/null
    17. 

  17. +++ b/target/linux/generic/patches-3.18/672-ipv6-fix-crash-on-ICMPv6-redirects-with-prohibited-blackholed-source.patch
    18. 

  18. @@ -0,0 +1,39 @@
    19. 

  19. +From 7426eb388ade0f1ad800c408d7efa227d4f41408 Mon Sep 17 00:00:00 2001
    20. 

  20. +Message-Id: <7426eb388ade0f1ad800c408d7efa227d4f41408.1446425986.git.mschiffer@universe-factory.net>
    21. 

  21. +From: Matthias Schiffer <mschiffer@universe-factory.net>
    22. 

  22. +Date: Mon, 2 Nov 2015 01:05:15 +0100
    23. 

  23. +Subject: [PATCH] ipv6: fix crash on ICMPv6 redirects with
    24. 

  24. + prohibited/blackholed source
    25. 

  25. +
    26. 

  26. +There are other error values besides ip6_null_entry that can be returned by
    27. 

  27. +ip6_route_redirect(): fib6_rule_action() can also result in
    28. 

  28. +ip6_blk_hole_entry and ip6_prohibit_entry if such ip rules are installed.
    29. 

  29. +
    30. 

  30. +Only checking for ip6_null_entry in rt6_do_redirect() causes ip6_ins_rt()
    31. 

  31. +to be called with rt->rt6i_table == NULL in these cases, making the kernel
    32. 

  32. +crash.
    33. 

  33. +
    34. 

  34. +Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
    35. 

  35. +---
    36. 

  36. + net/ipv6/route.c | 3 +--
    37. 

  37. + 1 file changed, 1 insertion(+), 2 deletions(-)
    38. 

  38. +
    39. 

  39. +--- a/net/ipv6/route.c
    40. 

  40. ++++ b/net/ipv6/route.c
    41. 

  41. +@@ -1766,7 +1766,6 @@ static int ip6_route_del(struct fib6_con
    42. 

  42. + 
    43. 

  43. + static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
    44. 

  44. + {
    45. 

  45. +-	struct net *net = dev_net(skb->dev);
    46. 

  46. + 	struct netevent_redirect netevent;
    47. 

  47. + 	struct rt6_info *rt, *nrt = NULL;
    48. 

  48. + 	struct ndisc_options ndopts;
    49. 

  49. +@@ -1827,7 +1826,7 @@ static void rt6_do_redirect(struct dst_e
    50. 

  50. + 	}
    51. 

  51. + 
    52. 

  52. + 	rt = (struct rt6_info *) dst;
    53. 

  53. +-	if (rt == net->ipv6.ip6_null_entry) {
    54. 

  54. ++	if (rt->rt6i_flags & RTF_REJECT) {
    55. 

  55. + 		net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n");
    56. 

  56. + 		return;
    57. 

  57. + 	}
    58.