From b0851faa36c79079d40f97100f1de0248adbb01a Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Wed, 5 Jun 2019 12:53:44 +0000 Subject: Remove workaround and return EINVAL when userland sends routing messages with bad address flags. OK bluhm@ sthen@ --- sys/net/rtsock.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) (limited to 'sys/net') diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index ee88a011992..457211c2a7e 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtsock.c,v 1.286 2019/05/11 16:47:02 claudio Exp $ */ +/* $OpenBSD: rtsock.c,v 1.287 2019/06/05 12:53:43 claudio Exp $ */ /* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */ /* @@ -1359,15 +1359,8 @@ rtm_xaddrs(caddr_t cp, caddr_t cplim, struct rt_addrinfo *rtinfo) for (i = 0; i < sizeof(rtinfo->rti_addrs) * 8; i++) { if ((rtinfo->rti_addrs & (1 << i)) == 0) continue; - if (i >= RTAX_MAX || cp + sizeof(socklen_t) > cplim) { - /* - * Clear invalid bits, userland code may set them. - * After OpenBSD 6.5 release, fix OpenVPN, remove - * this workaround, and return EINVAL. XXX - */ - rtinfo->rti_addrs &= (1 << i) - 1; - break; - } + if (i >= RTAX_MAX || cp + sizeof(socklen_t) > cplim) + return (EINVAL); sa = (struct sockaddr *)cp; if (cp + sa->sa_len > cplim) return (EINVAL); -- cgit v1.2.3