Commit bbcf340d authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge branch 'add-checks-for-incoming-packet-addresses' 

Jeremy Kerr says:

====================
Add checks for incoming packet addresses

This series adds a couple of checks for valid addresses on incoming MCTP
packets. We introduce a couple of helpers in 1/2, and use them in the
ingress path in 2/2.
====================

Link: https://lore.kernel.org/r/20220218042554.564787-1-jk@codeconstruct.com.au


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 47f0bd50 86cdfd63

include/net/mctp.h

+11 −1
Original line number Diff line number Diff line
@@ -40,11 +40,21 @@ struct mctp_hdr { 


#define MCTP_INITIAL_DEFAULT_NET	1



static inline bool mctp_address_ok(mctp_eid_t eid)

static inline bool mctp_address_unicast(mctp_eid_t eid)

{

	return eid >= 8 && eid < 255;

}



static inline bool mctp_address_broadcast(mctp_eid_t eid)

{

	return eid == 255;

}



static inline bool mctp_address_null(mctp_eid_t eid)

{

	return eid == 0;

}



static inline bool mctp_address_matches(mctp_eid_t match, mctp_eid_t eid)

{

	return match == eid || match == MCTP_ADDR_ANY;

net/mctp/device.c

+1 −1
Original line number Diff line number Diff line
@@ -209,7 +209,7 @@ static int mctp_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, 
	if (!mdev)

		return -ENODEV;



	if (!mctp_address_ok(addr->s_addr))

	if (!mctp_address_unicast(addr->s_addr))

		return -EINVAL;



	/* Prevent duplicates. Under RTNL so don't need to lock for reading */

net/mctp/neigh.c

+1 −1
Original line number Diff line number Diff line
@@ -143,7 +143,7 @@ static int mctp_rtm_newneigh(struct sk_buff *skb, struct nlmsghdr *nlh, 
	}



	eid = nla_get_u8(tb[NDA_DST]);

	if (!mctp_address_ok(eid)) {

	if (!mctp_address_unicast(eid)) {

		NL_SET_ERR_MSG(extack, "Invalid neighbour EID");

		return -EINVAL;

	}

net/mctp/route.c

+12 −1
Original line number Diff line number Diff line
@@ -962,7 +962,7 @@ static int mctp_route_add(struct mctp_dev *mdev, mctp_eid_t daddr_start, 
	struct net *net = dev_net(mdev->dev);

	struct mctp_route *rt, *ert;



	if (!mctp_address_ok(daddr_start))

	if (!mctp_address_unicast(daddr_start))

		return -EINVAL;



	if (daddr_extent > 0xff || daddr_start + daddr_extent >= 255)
@@ -1092,6 +1092,17 @@ static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev, 
	if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)

		goto err_drop;



	/* source must be valid unicast or null; drop reserved ranges and

	 * broadcast

	 */

	if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))

		goto err_drop;



	/* dest address: as above, but allow broadcast */

	if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||

	      mctp_address_broadcast(mh->dest)))

		goto err_drop;



	/* MCTP drivers must populate halen/haddr */

	if (dev->type == ARPHRD_MCTP) {

		cb = mctp_cb(skb);