
Re: [PATCH] IPv6: Fix erratic behavior in rt6_dump_route()

To: Ville Nuorvala <vnuorval@xxxxxxxxxx>
Subject: Re: [PATCH] IPv6: Fix erratic behavior in rt6_dump_route()
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Mon, 17 Nov 2003 18:50:50 -0800
Cc: netdev@xxxxxxxxxxx
In-reply-to: <Pine.LNX.4.58.0311171155050.21177@rhea.tcs.hut.fi>
References: <Pine.LNX.4.58.0311171155050.21177@rhea.tcs.hut.fi>
Sender: netdev-bounce@xxxxxxxxxxx

On Mon, 17 Nov 2003 12:11:52 +0200 (EET)
Ville Nuorvala <vnuorval@xxxxxxxxxx> wrote:

> I noticed some erratic behavior when doing "ip -6 r". I traced the problem
> to rt6_dump_route() where we typecast NLMSG_DATA() to a rtmsg without
> checking the size of the netlink message first. Seems like ip only passes
> a rtgenmsg to the kernel when it does a dump, so we end up reading pure
> garbage when we interpret it as a rtmsg. Please apply the patch!

Let's discuss this a little bit. :)

I believed that these lengths are supposed to be verified at one level
higher, in net/core/rtnetlink.c, see "rtm_min[]".

Well, it doesn't do this length verification on dumps.
I can only assume this is intentional.  Ok, I see, cases
like ipv4 check the length properly so it is clear that
this is required.

I will apply your patch.
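
The length check discussed in this thread, as an added userspace example that is not part of the original message or of the kernel patch: a dump request carrying only a rtgenmsg is interpreted as a rtmsg, first without and then with a check of the message length. The `ex_`/`EX_` names, the local copies of the netlink structs and the 0xAA filler bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the <linux/netlink.h> and <linux/rtnetlink.h> layouts
 * (ex_/EX_ names are this example's own), so it builds without kernel headers. */
struct ex_nlmsghdr { uint32_t nlmsg_len; uint16_t nlmsg_type, nlmsg_flags; uint32_t nlmsg_seq, nlmsg_pid; };
struct ex_rtgenmsg { unsigned char rtgen_family; };
struct ex_rtmsg {
    unsigned char rtm_family, rtm_dst_len, rtm_src_len, rtm_tos;
    unsigned char rtm_table, rtm_protocol, rtm_scope, rtm_type;
    uint32_t rtm_flags;
};
#define EX_HDRLEN    ((sizeof(struct ex_nlmsghdr) + 3u) & ~(size_t)3u)
#define EX_LENGTH(n) ((n) + EX_HDRLEN)   /* header plus payload, like NLMSG_LENGTH() */
#define EX_BUFSZ     64

/* Constructed request: header + payload_len payload bytes; the rest of the
 * buffer holds 0xAA to stand in for whatever stale memory follows the message. */
static void ex_build(unsigned char buf[EX_BUFSZ], size_t payload_len)
{
    struct ex_nlmsghdr h = { .nlmsg_len = (uint32_t)EX_LENGTH(payload_len) };
    memset(buf, 0xAA, EX_BUFSZ);
    memcpy(buf, &h, sizeof(h));
    memset(buf + EX_HDRLEN, 0, payload_len);
    buf[EX_HDRLEN] = 10;                 /* family byte: AF_INET6 on Linux */
}

/* Interpret the payload as an rtmsg. With check != 0 the message length is
 * verified first; returns -1 when the payload is too short to be an rtmsg. */
static int ex_rtm_flags(const unsigned char *buf, int check, uint32_t *flags)
{
    struct ex_nlmsghdr h;
    struct ex_rtmsg rtm;
    memcpy(&h, buf, sizeof(h));
    if (check && h.nlmsg_len < EX_LENGTH(sizeof(struct ex_rtmsg)))
        return -1;
    memcpy(&rtm, buf + EX_HDRLEN, sizeof(rtm));   /* stands in for the NLMSG_DATA() cast */
    *flags = rtm.rtm_flags;
    return 0;
}

int main(void)
{
    unsigned char buf[EX_BUFSZ];
    uint32_t flags = 0;
    ex_build(buf, sizeof(struct ex_rtgenmsg));    /* what a dump request carries */
    ex_rtm_flags(buf, 0, &flags);
    printf("unchecked rtm_flags: 0x%08x\n", (unsigned)flags);
    printf("checked: %d\n", ex_rtm_flags(buf, 1, &flags));
    return 0;
}
```

Without the check, every rtmsg field past the family byte is read from bytes the sender never supplied; with it, the short request is rejected before any field is used.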
