From patchwork Wed Apr 11 09:43:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 897116 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40LfHG0Mw2z9s3L for ; Wed, 11 Apr 2018 19:43:22 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752212AbeDKJnU (ORCPT ); Wed, 11 Apr 2018 05:43:20 -0400 Received: from mail-pl0-f68.google.com ([209.85.160.68]:43535 "EHLO mail-pl0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751758AbeDKJnS (ORCPT ); Wed, 11 Apr 2018 05:43:18 -0400 Received: by mail-pl0-f68.google.com with SMTP id a39-v6so984148pla.10 for ; Wed, 11 Apr 2018 02:43:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=wlvuM/+lvutR/BEG3TlqxkSbMl8J8+L+N37/oN3KCWc=; b=Ir+ZsiWoLapkLZzRV8W5L/A3gkerATWXJrQi9Y/owoESBjEjVhbSGr2Ff/nGiR4v5b DzUZWIw24k3iUpdT+nAXWvCU427CTFw4hJZQAcsEwQTqdNG8hh/JXtggvx3Q1AfXv1iI n1mstmkiezO55ZkmK6ab2j0fYVER7jQhDu61HxxxfWN723g/Sl4O+Ixm2weUhrK5axLv lYcCPEeBPhX+OzRVXnIUDMbh+SVdjAklm1AOiTKSE7vUfzcjo444FOuo7yMPepcb15wG Ty924e/JTVz9o/AfDEFyT7SAj5WV+Kgr1MRhHOuyLdOtbFx10LmKH7x04ymxWGaeSYG1 42/Q== X-Gm-Message-State: ALQs6tAsamarm1B/mqALjouW7BOhSHITidsDAxK7za902NJfdyrzYfr9 ZG5maZx4Z01vG2SGRIcA/rLlP9/OqGQ= X-Google-Smtp-Source: AIpwx48+OtH/yMheDUo1wpe2XJyPVDf5vRUjUpVU3aB2IH+J7oQgTyIWpWywhOeX7Co92GaMUNPN5g== X-Received: by 2002:a17:902:41:: with SMTP id 59-v6mr4342361pla.248.1523439798276; Wed, 11 Apr 2018 02:43:18 -0700 (PDT) Received: from redhat.com (red-hat-inc.vlan404.asr1.mad1.gblx.net. [64.215.113.190]) by smtp.gmail.com with ESMTPSA id o123sm1998308pga.76.2018.04.11.02.43.15 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 11 Apr 2018 02:43:16 -0700 (PDT) From: Jakub Sitnicki To: Stephen Hemminger Cc: netdev@vger.kernel.org Subject: [iproute PATCH] iproute: Abort if nexthop cannot be parsed Date: Wed, 11 Apr 2018 11:43:11 +0200 Message-Id: <20180411094311.21097-1-jkbs@redhat.com> X-Mailer: git-send-email 2.14.3 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Attempt to add a multipath route where a nexthop definition refers to a non-existent device causes 'ip' to crash and burn due to stack buffer overflow: # ip -6 route add fd00::1/64 nexthop dev fake1 Cannot find device "fake1" Cannot find device "fake1" Cannot find device "fake1" ... Segmentation fault (core dumped) Don't ignore errors from the helper routine that parses the nexthop definition, and abort immediately if parsing fails. Signed-off-by: Jakub Sitnicki --- ip/iproute.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ip/iproute.c b/ip/iproute.c index 1d8fd815..44351bc5 100644 --- a/ip/iproute.c +++ b/ip/iproute.c @@ -1038,7 +1038,10 @@ static int parse_nexthops(struct nlmsghdr *n, struct rtmsg *r, memset(rtnh, 0, sizeof(*rtnh)); rtnh->rtnh_len = sizeof(*rtnh); rta->rta_len += rtnh->rtnh_len; - parse_one_nh(n, r, rta, rtnh, &argc, &argv); + if (parse_one_nh(n, r, rta, rtnh, &argc, &argv)) { + fprintf(stderr, "Error: cannot parse nexthop\n"); + exit(-1); + } rtnh = RTNH_NEXT(rtnh); }