tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

ioam6: improve checks on user data

This patch improves two checks on user data.

The first one prevents bit 23 from being set, as specified by RFC 9197
(Sec 4.4.1):

Bit 23 Reserved; MUST be set to zero upon transmission and be
ignored upon receipt. This bit is reserved to allow for
future extensions of the IOAM Trace-Type bit field.

The second one checks that the tunnel destination address !=
IPV6_ADDR_ANY, just like we already do for the tunnel source address.

Signed-off-by: Justin Iurman <justin.iurman@uliege.be>
Link: https://patch.msgid.link/20240830191919.51439-1-justin.iurman@uliege.be
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Justin Iurman and committed by
Jakub Kicinski 1a5c4863 54f1a107

+10 -2
+10 -2
net/ipv6/ioam6_iptunnel.c
··· 89 89 trace->type.bit12 | trace->type.bit13 | trace->type.bit14 | 90 90 trace->type.bit15 | trace->type.bit16 | trace->type.bit17 | 91 91 trace->type.bit18 | trace->type.bit19 | trace->type.bit20 | 92 - trace->type.bit21) 92 + trace->type.bit21 | trace->type.bit23) 93 93 return false; 94 94 95 95 trace->nodelen = 0; ··· 199 199 } 200 200 } 201 201 202 - if (tb[IOAM6_IPTUNNEL_DST]) 202 + if (tb[IOAM6_IPTUNNEL_DST]) { 203 203 ilwt->tundst = nla_get_in6_addr(tb[IOAM6_IPTUNNEL_DST]); 204 + 205 + if (ipv6_addr_any(&ilwt->tundst)) { 206 + NL_SET_ERR_MSG_ATTR(extack, tb[IOAM6_IPTUNNEL_DST], 207 + "invalid tunnel dest address"); 208 + err = -EINVAL; 209 + goto free_cache; 210 + } 211 + } 204 212 205 213 tuninfo = ioam6_lwt_info(lwt); 206 214 tuninfo->eh.hdrlen = ((sizeof(*tuninfo) + len_aligned) >> 3) - 1;