Reserve the highest route priority for kernel-managed routes and prevent

userland from playing with the local and broadcast flags.

ok claudio@

2 files changed, 20 insertions, 3 deletions

diff --git a/sys/net/route.c b/sys/net/route.c
index 959d1433571..b9654695e8b 100644
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: route.c,v 1.166 2014/05/21 14:48:28 mpi Exp $	*/
+/*	$OpenBSD: route.c,v 1.167 2014/05/27 09:39:58 mpi Exp $	*/
 /*	$NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $	*/
 
 /*
@@ -784,6 +784,15 @@ rtrequest1(int req, struct rt_addrinfo *info, u_int8_t prio,
 				senderr(ESRCH);
 		}
 #endif
+
+		/*
+		 * Since RTP_LOCAL cannot be set by userland, make
+		 * sure that local routes are only modified by the
+		 * kernel.
+		 */
+		if (rt->rt_flags & RTF_LOCAL && prio != RTP_LOCAL)
+			senderr(EINVAL);
+
 		if ((rn = rnh->rnh_deladdr(info->rti_info[RTAX_DST],
 		    info->rti_info[RTAX_NETMASK], rnh, rn)) == NULL)
 			senderr(ESRCH);
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 72834b7c453..e52e3504019 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtsock.c,v 1.144 2014/05/16 08:21:54 mpi Exp $	*/
+/*	$OpenBSD: rtsock.c,v 1.145 2014/05/27 09:39:58 mpi Exp $	*/
 /*	$NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $	*/
 
 /*
@@ -534,13 +534,21 @@ route_output(struct mbuf *m, ...)
 		}
 	}
 
+
+	/* Do not let userland play with kernel-only flags. */
+	if ((rtm->rtm_flags & (RTF_LOCAL|RTF_BROADCAST)) != 0) {
+		error = EINVAL;
+		goto fail;
+	}
+
 	/* make sure that kernel-only bits are not set */
 	rtm->rtm_priority &= RTP_MASK;
 	rtm->rtm_flags &= ~(RTF_DONE|RTF_CLONED);
 	rtm->rtm_fmask &= RTF_FMASK;
 
 	if (rtm->rtm_priority != 0) {
-		if (rtm->rtm_priority > RTP_MAX) {
+		if (rtm->rtm_priority > RTP_MAX ||
+		    rtm->rtm_priority == RTP_LOCAL) {
 			error = EINVAL;
 			goto fail;
 		}