ipv6/addrconf: only check invalid header values when NETLINK_F_STRICT_CHK is set
In commit4b1373de73
("net: ipv6: addr: perform strict checks also for doit handlers") we add strict check for inet6_rtm_getaddr(). But we did the invalid header values check before checking if NETLINK_F_STRICT_CHK is set. This may break backwards compatibility if user already set the ifm->ifa_prefixlen, ifm->ifa_flags, ifm->ifa_scope in their netlink code. I didn't move the nlmsg_len check because I thought it's a valid check. Reported-by: Jianlin Shi <jishi@redhat.com> Fixes:4b1373de73
("net: ipv6: addr: perform strict checks also for doit handlers") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
This commit is contained in:
parent
03b06e3f83
commit
2beb6d2901
@ -5231,16 +5231,16 @@ static int inet6_rtm_valid_getaddr_req(struct sk_buff *skb,
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!netlink_strict_get_check(skb))
|
||||
return nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
|
||||
ifa_ipv6_policy, extack);
|
||||
|
||||
ifm = nlmsg_data(nlh);
|
||||
if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
|
||||
NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for get address request");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!netlink_strict_get_check(skb))
|
||||
return nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
|
||||
ifa_ipv6_policy, extack);
|
||||
|
||||
err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
|
||||
ifa_ipv6_policy, extack);
|
||||
if (err)
|
||||
|
Loading…
Reference in New Issue
Block a user