summaryrefslogtreecommitdiffstats
path: root/net/ipv6/route.c
diff options
context:
space:
mode:
authorPaolo Abeni <pabeni@redhat.com>2016-05-13 18:33:41 +0200
committerDavid S. Miller <davem@davemloft.net>2016-05-14 21:33:32 +0200
commit626abd59e51d4d8c6367e03aae252a8aa759ac78 (patch)
tree82140aaabeabc172e13cf5fc78d564a93acd5a0d /net/ipv6/route.c
parentnf_conntrack: avoid kernel pointer value leak in slab name (diff)
downloadlinux-626abd59e51d4d8c6367e03aae252a8aa759ac78.tar.xz
linux-626abd59e51d4d8c6367e03aae252a8aa759ac78.zip
net/route: enforce hoplimit max value
Currently, when creating or updating a route, no check is performed in both ipv4 and ipv6 code to the hoplimit value. The caller can i.e. set hoplimit to 256, and when such route will be used, packets will be sent with hoplimit/ttl equal to 0. This commit adds checks for the RTAX_HOPLIMIT value, in both ipv4 ipv6 route code, substituting any value greater than 255 with 255. This is consistent with what is currently done for ADVMSS and MTU in the ipv4 code. Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to '')
-rw-r--r--net/ipv6/route.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index d916d6ab9ad2..6f32944e0223 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1750,6 +1750,8 @@ static int ip6_convert_metrics(struct mx6_config *mxc,
} else {
val = nla_get_u32(nla);
}
+ if (type == RTAX_HOPLIMIT && val > 255)
+ val = 255;
if (type == RTAX_FEATURES && (val & ~RTAX_FEATURE_MASK))
goto err;