From c9f4d814b3fa45307c057b15b2c3e826ea53a401 Mon Sep 17 00:00:00 2001 From: Martin Pieuchot Date: Thu, 27 Sep 2018 12:36:58 +0000 Subject: Make sure the L2 entry is cloned before dereferencing its parent. RTF_LOCAL entries or static ARP entries don't have parents, so the logic was incorrect. Note that it might be possible to extend the logic to work with non-cloned L2 entries but the few use cases do not justify the complexity (yet). Problem reported & fix tested by Elie Bouttier. ok bluhm@, visa@, claudio@ --- sys/net/route.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'sys/net/route.c') diff --git a/sys/net/route.c b/sys/net/route.c index ac773074dcb..7f21d9f118d 100644 --- a/sys/net/route.c +++ b/sys/net/route.c @@ -1,4 +1,4 @@ -/* $OpenBSD: route.c,v 1.377 2018/07/11 19:52:19 henning Exp $ */ +/* $OpenBSD: route.c,v 1.378 2018/09/27 12:36:57 mpi Exp $ */ /* $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $ */ /* @@ -395,11 +395,8 @@ rt_setgwroute(struct rtentry *rt, u_int rtableid) if (nhrt->rt_ifidx != rt->rt_ifidx) { struct sockaddr_in6 sa_mask; - /* - * If we found a non-L2 entry on a different interface - * there's nothing we can do. - */ - if (!ISSET(nhrt->rt_flags, RTF_LLINFO)) { + if (!ISSET(nhrt->rt_flags, RTF_LLINFO) || + !ISSET(nhrt->rt_flags, RTF_CLONED)) { rtfree(nhrt); return (EHOSTUNREACH); } -- cgit v1.2.3