Commit c0628945 authored by Thomas Haller's avatar Thomas Haller

rdisc: reject invalid prefix lengths from router advertisements

Later in NMDevice's rdisc_config_changed(), we already reject
routes with plen==0. Just do it earlier.

We would however not reject bogus routes with a prefix larger than 128.
That would later lead to an error when trying to add such a route to the
kernel.
parent c84d659b
......@@ -158,6 +158,8 @@ receive_ra (struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
/* Device route */
r_plen = ndp_msg_opt_prefix_len (msg, offset);
if (r_plen == 0 || r_plen > 128)
continue;
nm_utils_ip6_address_clear_host_address (&r_network, ndp_msg_opt_prefix (msg, offset), r_plen);
if (ndp_msg_opt_prefix_flag_on_link (msg, offset)) {
......@@ -197,6 +199,9 @@ receive_ra (struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
.preference = translate_preference (ndp_msg_opt_route_preference (msg, offset)),
};
if (route.plen == 0 || route.plen > 128)
continue;
/* Routers through this particular gateway */
nm_utils_ip6_address_clear_host_address (&route.network, ndp_msg_opt_route_prefix (msg, offset), route.plen);
if (nm_rdisc_add_route (rdisc, &route))
......
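Review bot: Both new guards in receive_ra() (on `r_plen` in the prefix-option code and on `route.plen` in the route-option code) drop the option with a bare `continue`, so an advertisement carrying an out-of-range prefix length leaves no trace for anyone investigating a misbehaving or spoofed router. A debug-level message naming the rejected length, sent through whatever logging helper this file already uses, would make that visible without changing behaviour. For the route option, a length of 0 is a well-formed RFC 4191 default-route entry rather than a malformed one, so that check deserves a comment such as `/* plen 0 (default route) is skipped because NMDevice rejects it later; plen > 128 is invalid */`. receive_ra() starts and ends outside both hunks, so it cannot be confirmed from here whether code after the first `continue` was still meant to run for such prefix options.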
......@@ -212,6 +212,9 @@ nm_rdisc_add_route (NMRDisc *rdisc, const NMRDiscRoute *new)
{
int i, insert_idx = -1;
if (new->plen == 0 || new->plen > 128)
return FALSE;
for (i = 0; i < rdisc->routes->len; i++) {
NMRDiscRoute *item = &g_array_index (rdisc->routes, NMRDiscRoute, i);
......
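Review bot: The new early return in nm_rdisc_add_route() repeats the `plen == 0 || plen > 128` test that receive_ra() now also performs before calling it, and the bound is a bare literal in all three places. This function is the last point before the route is stored, so the check belongs here, but a comment such as `/* defence in depth: never store a route whose plen is outside 1..128, whatever the caller checked */` would record why it is duplicated. A named constant for the 128-bit limit would keep the three sites in step. The rest of the function is outside the hunk, so it is only an inference that a FALSE return here looks the same to callers as "nothing changed"; if that holds, the function's documentation should say that FALSE also covers a rejected prefix length.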