提交 1a41dbce 编写于 作者: P Pablo Neira Ayuso

Merge tag 'ipvs-fixes-for-v4.11' of http://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs

Simon Horman says:

====================
IPVS Fixes for v4.11

I would also like it considered for stable.

* Explicitly forbid ipv6 service/dest creation if ipv6 mod is disabled
  to avoid oops caused by IPVS accesing IPv6 routing code in such
  circumstances.
====================
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
...@@ -3078,6 +3078,17 @@ static int ip_vs_genl_dump_services(struct sk_buff *skb, ...@@ -3078,6 +3078,17 @@ static int ip_vs_genl_dump_services(struct sk_buff *skb,
return skb->len; return skb->len;
} }
static bool ip_vs_is_af_valid(int af)
{
if (af == AF_INET)
return true;
#ifdef CONFIG_IP_VS_IPV6
if (af == AF_INET6 && ipv6_mod_enabled())
return true;
#endif
return false;
}
static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs, static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs,
struct ip_vs_service_user_kern *usvc, struct ip_vs_service_user_kern *usvc,
struct nlattr *nla, int full_entry, struct nlattr *nla, int full_entry,
...@@ -3104,11 +3115,7 @@ static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs, ...@@ -3104,11 +3115,7 @@ static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs,
memset(usvc, 0, sizeof(*usvc)); memset(usvc, 0, sizeof(*usvc));
usvc->af = nla_get_u16(nla_af); usvc->af = nla_get_u16(nla_af);
#ifdef CONFIG_IP_VS_IPV6 if (!ip_vs_is_af_valid(usvc->af))
if (usvc->af != AF_INET && usvc->af != AF_INET6)
#else
if (usvc->af != AF_INET)
#endif
return -EAFNOSUPPORT; return -EAFNOSUPPORT;
if (nla_fwmark) { if (nla_fwmark) {
...@@ -3610,6 +3617,11 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info) ...@@ -3610,6 +3617,11 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
if (udest.af == 0) if (udest.af == 0)
udest.af = svc->af; udest.af = svc->af;
if (!ip_vs_is_af_valid(udest.af)) {
ret = -EAFNOSUPPORT;
goto out;
}
if (udest.af != svc->af && cmd != IPVS_CMD_DEL_DEST) { if (udest.af != svc->af && cmd != IPVS_CMD_DEL_DEST) {
/* The synchronization protocol is incompatible /* The synchronization protocol is incompatible
* with mixed family services * with mixed family services
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册