From c4bcfe98e2d66d08cfc1eae4681c6f7d0c105935 Mon Sep 17 00:00:00 2001
From: "Alexander V. Chernikov"
Date: Sun, 20 Sep 2020 12:31:48 +0000
Subject: [PATCH] Fix gw updates / flag updates during route changes.

* Zero gw_sdl if switching to interface route - the assumption that underlying storage is zeroed is incorrect with route changes.
* Apply proper flag mask to rte.
Reported by: vangyzen
---
 sys/net/route/nhop_ctl.c | 6 ++++++
 sys/net/route/route_ctl.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/sys/net/route/nhop_ctl.c b/sys/net/route/nhop_ctl.c
index e3adc620689..ae1bc66dad4 100644
--- a/sys/net/route/nhop_ctl.c
+++ b/sys/net/route/nhop_ctl.c
@@ -205,6 +205,7 @@ static void
 fill_sdl_from_ifp(struct sockaddr_dl_short *sdl, const struct ifnet *ifp)
 {
+ bzero(sdl, sizeof(struct sockaddr_dl_short));
 sdl->sdl_family = AF_LINK;
 sdl->sdl_len = sizeof(struct sockaddr_dl_short);
 sdl->sdl_index = ifp->if_index;
@@ -217,6 +218,8 @@ set_nhop_gw_from_info(struct nhop_object *nh, struct rt_addrinfo *info)
 struct sockaddr *gw;
 gw = info->rti_info[RTAX_GATEWAY];
+ KASSERT(gw != NULL, ("gw is NULL"));
+
 if (info->rti_flags & RTF_GATEWAY) {
 if (gw->sa_len > sizeof(struct sockaddr_in6)) {
 DPRINTF("nhop SA size too big: AF %d len %u",
@@ -319,6 +322,9 @@ nhop_create_from_info(struct rib_head *rnh, struct rt_addrinfo *info,
 NET_EPOCH_ASSERT();
+ if (info->rti_info[RTAX_GATEWAY] == NULL)
+ return (EINVAL);
+
 nh_priv = alloc_nhop_structure();
 error = fill_nhop_from_info(nh_priv, info);
diff --git a/sys/net/route/route_ctl.c b/sys/net/route/route_ctl.c
index a1bd7ab8a0d..75cc3c2a527 100644
--- a/sys/net/route/route_ctl.c
+++ b/sys/net/route/route_ctl.c
@@ -397,7 +397,7 @@ create_rtentry(struct rib_head *rnh, struct rt_addrinfo *info,
 nhop_free(nh);
 return (ENOBUFS);
 }
- rt->rte_flags = RTF_UP | flags;
+ rt->rte_flags = (RTF_UP | flags) & RTE_RT_FLAG_MASK;
 rt->rt_nhop = nh;
 /* Fill in dst */
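Review bot: The added `bzero` in fill_sdl_from_ifp carries no comment saying why the clear is needed, and the reason is not visible from the function itself: per the commit message, the sockaddr storage can still hold a previous gateway when a route is changed to an interface route. Stale bytes left in that storage would stay in the nexthop and travel with it wherever the gateway sockaddr is later copied (the consumers are outside this patch), so a comment such as `/* storage may hold an old gateway after a route change; clear stale bytes */` above the call would keep the line from being dropped later as redundant. `bzero(sdl, sizeof(*sdl));` would also tie the length to the pointer's type instead of repeating the struct name. The function body continues past the end of the hunk.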
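Review bot: `KASSERT(gw != NULL, ("gw is NULL"))` in set_nhop_gw_from_info is compiled in only on INVARIANTS kernels, so on a production build a NULL gateway still reaches `gw->sa_len` in the RTF_GATEWAY branch right below it. The runtime check this patch adds in nhop_create_from_info covers that entry point only; if any other caller (for instance a route-change path, not visible here) can pass an rt_addrinfo without RTAX_GATEWAY, the NULL dereference remains reachable. A real check beside the assertion would close that, e.g. `if (gw == NULL) return (EINVAL);`, assuming this function returns an errno value (its return type is outside the hunk). The function starts and ends outside the hunk.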
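Review bot: In create_rtentry, `(RTF_UP | flags) & RTE_RT_FLAG_MASK` applies the mask to RTF_UP as well, so the new entry is marked up only if RTF_UP is part of RTE_RT_FLAG_MASK, whose definition this patch does not show. Writing it as `rt->rte_flags = RTF_UP | (flags & RTE_RT_FLAG_MASK);` makes it explicit that only the caller-supplied bits are filtered and that RTF_UP always survives. The commit message talks about flag updates during route changes while this hunk sits on the create path; if the change path assigns rte_flags elsewhere, it presumably needs the same mask. The function starts and ends outside the hunk.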