Diffstat (limited to 'sys')
-rw-r--r--sys/net/route.c11
-rw-r--r--sys/net/rtsock.c12
2 files changed, 20 insertions, 3 deletions
diff --git a/sys/net/route.c b/sys/net/route.c
index 959d1433571..b9654695e8b 100644
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: route.c,v 1.166 2014/05/21 14:48:28 mpi Exp $ */
+/* $OpenBSD: route.c,v 1.167 2014/05/27 09:39:58 mpi Exp $ */
/* $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $ */
/*
@@ -784,6 +784,15 @@ rtrequest1(int req, struct rt_addrinfo *info, u_int8_t prio,
senderr(ESRCH);
}
#endif
+
+ /*
+ * Since RTP_LOCAL cannot be set by userland, make
+ * sure that local routes are only modified by the
+ * kernel.
+ */
+ if (rt->rt_flags & RTF_LOCAL && prio != RTP_LOCAL)
+ senderr(EINVAL);
+
if ((rn = rnh->rnh_deladdr(info->rti_info[RTAX_DST],
info->rti_info[RTAX_NETMASK], rnh, rn)) == NULL)
senderr(ESRCH);
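Review bot: The guard added before `rnh_deladdr()` uses `prio != RTP_LOCAL` as the stand-in for "the caller is the kernel", which holds only while every path that carries a userland-supplied priority rejects RTP_LOCAL before reaching rtrequest1. The comment should name where that is enforced, e.g. `/* route_output() rejects RTP_LOCAL from userland, so prio == RTP_LOCAL implies a kernel caller. */`, so a later caller that forwards a priority unchecked is easier to spot. From the context lines the check sits on the delete path; whether the other request types need the same guard cannot be judged here, because rtrequest1 starts and ends outside the hunk. As a style point, `if ((rt->rt_flags & RTF_LOCAL) && prio != RTP_LOCAL)` makes the intended grouping explicit.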
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 72834b7c453..e52e3504019 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rtsock.c,v 1.144 2014/05/16 08:21:54 mpi Exp $ */
+/* $OpenBSD: rtsock.c,v 1.145 2014/05/27 09:39:58 mpi Exp $ */
/* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */
/*
@@ -534,13 +534,21 @@ route_output(struct mbuf *m, ...)
}
}
+
+ /* Do not let userland play with kernel-only flags. */
+ if ((rtm->rtm_flags & (RTF_LOCAL|RTF_BROADCAST)) != 0) {
+ error = EINVAL;
+ goto fail;
+ }
+
/* make sure that kernel-only bits are not set */
rtm->rtm_priority &= RTP_MASK;
rtm->rtm_flags &= ~(RTF_DONE|RTF_CLONED);
rtm->rtm_fmask &= RTF_FMASK;
if (rtm->rtm_priority != 0) {
- if (rtm->rtm_priority > RTP_MAX) {
+ if (rtm->rtm_priority > RTP_MAX ||
+ rtm->rtm_priority == RTP_LOCAL) {
error = EINVAL;
goto fail;
}
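Review bot: The new rejection tests only `rtm->rtm_flags`, while `rtm->rtm_fmask` is still just masked with `RTF_FMASK` three lines further down. If RTF_FMASK includes RTF_LOCAL or RTF_BROADCAST (its definition is not visible in this hunk), a request might still be able to clear those bits on an existing route through the mask, which would also sidestep the RTF_LOCAL guard added in route.c. It is worth confirming that RTF_FMASK excludes both flags and saying so in the comment, e.g. `/* RTF_FMASK must never contain RTF_LOCAL or RTF_BROADCAST. */`. The two adjacent comments also read almost the same although the first block rejects the message and the second silently strips bits; the second could say `/* silently strip the remaining kernel-only bits */`. route_output continues outside the hunk.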