diff options
| author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2014-05-27 09:39:59 +0000 |
|---|---|---|
| committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2014-05-27 09:39:59 +0000 |
| commit | b226375ca5b9edbde446546a9c95a5fbee38e05e (patch) | |
| tree | 0bc8bc98974f3447606cb2cda7661b4cb49280c9 /sys/net/rtsock.c | |
| parent | ff568ecad1d4ba99ba4ecd588358f8f64f6f758d (diff) | |
Reserve the highest route priority for kernel-managed routes and prevent
userland from playing with the local and broadcast flags.
ok claudio@
Diffstat (limited to 'sys/net/rtsock.c')
| -rw-r--r-- | sys/net/rtsock.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index 72834b7c453..e52e3504019 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtsock.c,v 1.144 2014/05/16 08:21:54 mpi Exp $ */ +/* $OpenBSD: rtsock.c,v 1.145 2014/05/27 09:39:58 mpi Exp $ */ /* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */ /* @@ -534,13 +534,21 @@ route_output(struct mbuf *m, ...) } } + + /* Do not let userland play with kernel-only flags. */ + if ((rtm->rtm_flags & (RTF_LOCAL|RTF_BROADCAST)) != 0) { + error = EINVAL; + goto fail; + } + /* make sure that kernel-only bits are not set */ rtm->rtm_priority &= RTP_MASK; rtm->rtm_flags &= ~(RTF_DONE|RTF_CLONED); rtm->rtm_fmask &= RTF_FMASK; if (rtm->rtm_priority != 0) { - if (rtm->rtm_priority > RTP_MAX) { + if (rtm->rtm_priority > RTP_MAX || + rtm->rtm_priority == RTP_LOCAL) { error = EINVAL; goto fail; } |