rpms/iproute
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- 475130 - Negative preferred lifetimes of IPv6 prefixes/addresses

Browse Source 
displayed incorrectly
- 472878 - “ip maddr show” in IB interface causes a stack corruption
- both patches will be probably in iproute v2.6.28
This commit is contained in:
Marcela Mašláňová 2009-01-12 10:04:48 +00:00
parent b0bf621d1a
commit 6576cc81da
3 changed files with 165 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
ip-maddr-show.patch Normal file
View File

@ -0,0 +1,87 @@
From 7f71c0cae2db61890474e04ba3a26e40219e5561 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Tue, 25 Nov 2008 12:36:22 +0000
Subject: [PATCH] =?utf-8?q?ip=20maddr=20show=E2=80=9D=20on=20an=20infiniband=20address=20causes=20a=20stack=20corruption?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
“ip maddr show” on an infiniband address causes a stack corruption
because the length of the address for Infiniband (20 bytes, as
described in kernel doc Documentation/infiniband/ipoib.txt) does not
fit on the 16 bytes of the field in which it gets stored.
The proposed patch increases the size of the hardware address from 4
__u32 to 8 and also adds a check to avoid overriding the available
size while parsing the hardware address.
This bug affects current upstream code AFAICT.
Hope this helps,
Cheers,
Olivier.
“ip maddr show ib0” causes a stack corruption because the length of the address
for Infiniband (20 see kernel doc Documentation/infiniband/ipoib.txt) does not
fit on the 16 bytes of the field in which it gets stored.
The proposed patch increases the size of the hardware address from 4 u32 to 8
and adds a check to avoid overriding the available size while parsing the
hardware address.
---
include/utils.h | 2 +-
ip/ipmaddr.c | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git iproute-2.6.27/iproute2-2.6.27/include/utils.h iproute-2.6.27/iproute2-2.6.27/include/utils.h
index 5daed6b..f7ef939 100644
--- iproute-2.6.27/iproute2-2.6.27/include/utils.h
+++ iproute-2.6.27/iproute2-2.6.27/include/utils.h
@@ -46,7 +46,7 @@ typedef struct
__u8 bytelen;
__s16 bitlen;
__u32 flags;
- __u32 data[4];
+ __u32 data[8];
} inet_prefix;
#define PREFIXLEN_SPECIFIED 1
diff --git iproute-2.6.27/iproute2-2.6.27/ip/ipmaddr.c iproute-2.6.27/iproute2-2.6.27/ip/ipmaddr.c
index 1014f83..44ffdfc 100644
--- iproute-2.6.27/iproute2-2.6.27/ip/ipmaddr.c
+++ iproute-2.6.27/iproute2-2.6.27/ip/ipmaddr.c
@@ -43,11 +43,11 @@ static void usage(void)
exit(-1);
}
-static int parse_hex(char *str, unsigned char *addr)
+static int parse_hex(char *str, unsigned char *addr, size_t size)
{
int len=0;
- while (*str) {
+ while (*str && (len < 2 * size)) {
int tmp;
if (str[1] == 0)
return -1;
@@ -104,7 +104,7 @@ void read_dev_mcast(struct ma_info **result_p)
m.addr.family = AF_PACKET;
- len = parse_hex(hexa, (unsigned char*)&m.addr.data);
+ len = parse_hex(hexa, (unsigned char*)&m.addr.data, sizeof (m.addr.data));
if (len >= 0) {
struct ma_info *ma = malloc(sizeof(m));
@@ -176,7 +176,7 @@ void read_igmp6(struct ma_info **result_p)
m.addr.family = AF_INET6;
- len = parse_hex(hexa, (unsigned char*)&m.addr.data);
+ len = parse_hex(hexa, (unsigned char*)&m.addr.data, sizeof (m.addr.data));
if (len >= 0) {
struct ma_info *ma = malloc(sizeof(m));
--
1.6.0.6

12
iproute.spec
View File

@ -4,7 +4,7 @@
Summary: Advanced IP routing and network device configuration tools Summary: Advanced IP routing and network device configuration tools
Name: iproute Name: iproute
Version: 2.6.27 Version: 2.6.27
Release: 1%{?dist} Release: 2%{?dist}
Group: Applications/System Group: Applications/System
Source: http://developer.osdl.org/dev/iproute2/download/iproute2-%{version}.tar.gz Source: http://developer.osdl.org/dev/iproute2/download/iproute2-%{version}.tar.gz
#Source1: iproute-doc-2.6.22.tar.gz #Source1: iproute-doc-2.6.22.tar.gz
@ -13,6 +13,8 @@ Patch1: iproute2-2.6.9-kernel.patch
Patch2: iproute2-ss050901-opt_flags.patch Patch2: iproute2-ss050901-opt_flags.patch
Patch3: iproute-ip-man.patch Patch3: iproute-ip-man.patch
Patch4: iproute2-2.6.25-segfault.patch Patch4: iproute2-2.6.25-segfault.patch
Patch5: prefix-assigned.patch
Patch6: ip-maddr-show.patch
License: GPLv2+ License: GPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -30,6 +32,8 @@ capabilities of the Linux 2.4.x and 2.6.x kernel.
%patch2 -p1 -b .opt_flags %patch2 -p1 -b .opt_flags
%patch3 -p1 %patch3 -p1
%patch4 -p1 -b .seg %patch4 -p1 -b .seg
%patch5 -p1 -b .prefix
%patch6 -p1 -b .maddr
%build %build
export LIBDIR=%{_libdir} export LIBDIR=%{_libdir}
@ -105,6 +109,12 @@ EOF
%config(noreplace) %{_sysconfdir}/sysconfig/cbq/* %config(noreplace) %{_sysconfdir}/sysconfig/cbq/*
%changelog %changelog
* Mon Jan 12 2009 Marcela Mašláňová <mmaslano@redhat.com> - 2.6.27-2
- 475130 - Negative preferred lifetimes of IPv6 prefixes/addresses
displayed incorrectly
- 472878 - “ip maddr show” in IB interface causes a stack corruption
- both patches will be probably in iproute v2.6.28
* Thu Dec 4 2008 Marcela Maslanova <mmaslano@redhat.com> - 2.6.27-1 * Thu Dec 4 2008 Marcela Maslanova <mmaslano@redhat.com> - 2.6.27-1
- aead support was included into upstream version - aead support was included into upstream version
- patch for moving libs is now deprecated - patch for moving libs is now deprecated

67
prefix-assigned.patch Normal file
View File

@ -0,0 +1,67 @@
From 037d950bceed6d5053758dea601e0d018f5f22d7 Mon Sep 17 00:00:00 2001
From: Benedikt Gollatz <ben@differentialschokolade.org>
Date: Tue, 6 Jan 2009 19:36:56 -0800
Subject: [PATCH] When the preferred lifetime of a prefix assigned by IPv6 autoconfiguration
(router solicitation) becomes negative
How reproducible:
Always.
Steps to Reproduce:
1. Configure an IPv6 router to advertise a prefix with a short preferred
lifetime, e.g. 0.
2. Wait for the IPv6 autoconfiguration process to complete for an interface
<if> connected to a link where that router advertises.
3. Run ip -6 show dev <if>.
Actual results:
The preferred lifetime will have become negative, but it is printed as an
unsigned integer. The preferred lifetime to be displayed will therefore be
close to UINT_MAX.
---
ip/ipaddress.c | 13 ++++++++++---
1 files changed, 10 insertions(+), 3 deletions(-)
diff --git iproute-2.6.27/iproute2-2.6.27/ip/ipaddress.c iproute-2.6.27/iproute2-2.6.27/ip/ipaddress.c
index 51471e8..a732d80 100644
--- iproute-2.6.27/iproute2-2.6.27/ip/ipaddress.c
+++ iproute-2.6.27/iproute2-2.6.27/ip/ipaddress.c
@@ -359,6 +359,7 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n,
FILE *fp = (FILE*)arg;
struct ifaddrmsg *ifa = NLMSG_DATA(n);
int len = n->nlmsg_len;
+ int deprecated = 0;
struct rtattr * rta_tb[IFA_MAX+1];
char abuf[256];
SPRINT_BUF(b1);
@@ -488,6 +489,7 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n,
}
if (ifa->ifa_flags&IFA_F_DEPRECATED) {
ifa->ifa_flags &= ~IFA_F_DEPRECATED;
+ deprecated = 1;
fprintf(fp, "deprecated ");
}
if (ifa->ifa_flags&IFA_F_HOMEADDRESS) {
@@ -516,9 +518,14 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n,
sprintf(buf, "valid_lft %usec", ci->ifa_valid);
if (ci->ifa_prefered == INFINITY_LIFE_TIME)
sprintf(buf+strlen(buf), " preferred_lft forever");
- else
- sprintf(buf+strlen(buf), " preferred_lft %usec",
- ci->ifa_prefered);
+ else {
+ if (deprecated)
+ sprintf(buf+strlen(buf), " preferred_lft %dsec",
+ ci->ifa_prefered);
+ else
+ sprintf(buf+strlen(buf), " preferred_lft %usec",
+ ci->ifa_prefered);
+ }
fprintf(fp, " %s", buf);
}
fprintf(fp, "\n");
--
1.6.0.6