Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 14 Apr 2019 10:18:14 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r346197 - head/sys/net
Message-ID:  <201904141018.x3EAIETP078170@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: tuexen
Date: Sun Apr 14 10:18:14 2019
New Revision: 346197
URL: https://svnweb.freebsd.org/changeset/base/346197

Log:
  When sending a routing message, don't allow the user to set the
  RTF_RNH_LOCKED flag in rtm_flags, since this flag is used only
  internally.
  
  Reported by:		syzbot+65c676f5248a13753ea0@syzkaller.appspotmail.com
  Reviewed by:		ae@
  MFC after:		1 week
  Differential Revision:	https://reviews.freebsd.org/D19898

Modified:
  head/sys/net/rtsock.c

Modified: head/sys/net/rtsock.c
==============================================================================
--- head/sys/net/rtsock.c	Sun Apr 14 00:06:49 2019	(r346196)
+++ head/sys/net/rtsock.c	Sun Apr 14 10:18:14 2019	(r346197)
@@ -618,6 +618,8 @@ route_output(struct mbuf *m, struct socket *so, ...)
 	if (rt_xaddrs((caddr_t)(rtm + 1), len + (caddr_t)rtm, &info))
 		senderr(EINVAL);
 
+	if (rtm->rtm_flags & RTF_RNH_LOCKED)
+		senderr(EINVAL);
 	info.rti_flags = rtm->rtm_flags;
 	if (info.rti_info[RTAX_DST] == NULL ||
 	    info.rti_info[RTAX_DST]->sa_family >= AF_MAX ||



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201904141018.x3EAIETP078170>