Fix for PR 82974. We were not checking that the route looked up in
the case of an RTM_CHANGE was specific, i.e. that it matched completely. This
led to a route change of a non-existent route changing the default route
as the radix code would simply back track to that point and hand that
route back to the routing socket code.
PR: 82974
Reviewed by: Tai-hwa Liang <avatar@mmlab.cse.yzu.edu.tw>
Ben Kaduk <minimarmot@gmail.com>
Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>
Obtained from: OpenBSD with modifications.
MFC after: 2 weeks
This commit is contained in:
George V. Neville-Neil
parent
dfa5ad9421
commit
ba7be0a934
@ -434,6 +434,25 @@ route_output(struct mbuf *m, struct socket *so)
|
||||
RT_LOCK(rt);
|
||||
RT_ADDREF(rt);
|
||||
|
||||
/*
|
||||
* Fix for PR: 82974
|
||||
*
|
||||
* RTM_CHANGE/LOCK need a perfect match, rn_lookup()
|
||||
* returns a perfect match in case a netmask is
|
||||
* specified. For host routes only a longest prefix
|
||||
* match is returned so it is necessary to compare the
|
||||
* existence of the netmask. If both have a netmask
|
||||
* rnh_lookup() did a perfect match and if none of them
|
||||
* have a netmask both are host routes which is also a
|
||||
* perfect match.
|
||||
*/
|
||||
|
||||
if (rtm->rtm_type != RTM_GET &&
|
||||
(!rt_mask(rt) != !info.rti_info[RTAX_NETMASK])) {
|
||||
RT_UNLOCK(rt);
|
||||
senderr(ESRCH);
|
||||
}
|
||||
|
||||
switch(rtm->rtm_type) {
|
||||
|
||||
case RTM_GET:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user