diff options
| author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2017-08-10 13:00:31 +0000 |
|---|---|---|
| committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2017-08-10 13:00:31 +0000 |
| commit | 5fd1667022641dc3334e87caa575671f80cb7cea (patch) | |
| tree | 6d676f82b2bae3ee0c05f08c9c409a3e50207755 | |
| parent | 753f095a020e9fa0757b3b103ca17f9810a65e22 (diff) | |
Prevent userland to modify RTF_LOCAL route entries.
In particular setting an expiration timer on a route entry which would
confuse L2 state machines.
ok bluhm@
| -rw-r--r-- | sys/net/rtsock.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index 5f12aca5f76..efcc5012d39 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtsock.c,v 1.246 2017/08/02 07:42:11 mpi Exp $ */ +/* $OpenBSD: rtsock.c,v 1.247 2017/08/10 13:00:30 mpi Exp $ */ /* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */ /* @@ -867,6 +867,15 @@ rtm_output(struct rt_msghdr *rtm, struct rtentry **prt, } /* + * Make sure that local routes are only modified by the + * kernel. + */ + if (ISSET(rt->rt_flags, RTF_LOCAL|RTF_BROADCAST)) { + error = EINVAL; + break; + } + + /* * RTM_CHANGE/LOCK need a perfect match. */ plen = rtable_satoplen(info->rti_info[RTAX_DST]->sa_family, |