Fix setting static entries for arp/ndp.

rtsock message validation changes committed in 2fe5a79425 did not take llinfo messages into account. Add a special validation case for RTA_GATEWAY llinfo messages. MFC after: 2 days
2021-02-20 18:21:52 +00:00 · 2021-02-20 18:21:52 +00:00 · e5b394f2d0
commit e5b394f2d0
parent 020f411255
2 changed files with 27 additions and 0 deletions
--- a/sys/net/if_llatbl.c
+++ b/sys/net/if_llatbl.c
@ -693,6 +693,7 @@ lla_rt_output(struct rt_msghdr *rtm, struct rt_addrinfo *info)
 	if (dl == NULL || dl->sdl_family != AF_LINK)
 		return (EINVAL);

+	/* XXX: should be ntohs() */
 	ifp = ifnet_byindex(dl->sdl_index);
 	if (ifp == NULL) {
 		log(LOG_INFO, "%s: invalid ifp (sdl_index %d)\n",
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@ -1323,11 +1323,37 @@ fill_sockaddr_inet6(struct sockaddr_in6 *sin6, const struct in6_addr *addr6,
 }
 #endif

+/*
+ * Checks if gateway is suitable for lltable operations.
+ * Lltable code requires AF_LINK gateway with ifindex
+ *  and mac address specified.
+ * Returns 0 on success.
+ */
+static int
+cleanup_xaddrs_lladdr(struct rt_addrinfo *info)
+{
+	struct sockaddr_dl *sdl = (struct sockaddr_dl *)info->rti_info[RTAX_GATEWAY];
+
+	if (sdl->sdl_family != AF_LINK)
+		return (EINVAL);
+
+	if (sdl->sdl_index == 0)
+		return (EINVAL);
+
+	if (offsetof(struct sockaddr_dl, sdl_data) + sdl->sdl_nlen + sdl->sdl_alen > sdl->sdl_len)
+		return (EINVAL);
+
+	return (0);
+}
+
 static int
 cleanup_xaddrs_gateway(struct rt_addrinfo *info)
 {
 	struct sockaddr *gw = info->rti_info[RTAX_GATEWAY];

+	if (info->rti_flags & RTF_LLDATA)
+		return (cleanup_xaddrs_lladdr(info));
+
 	switch (gw->sa_family) {
 #ifdef INET
 	case AF_INET: