summaryrefslogtreecommitdiff
path: root/net/ipv6
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2015-11-02 01:24:38 +0100
committerDavid S. Miller <davem@davemloft.net>2015-11-02 16:30:15 -0500
commitec13ad1d705c9990d55ed8ab21946cef323d30c7 (patch)
tree5f94fdc89dc73c44e1ef5276cae696c9d7d69e9b /net/ipv6
parent4ab42d78e37a294ac7bc56901d563c642e03c4ae (diff)
ipv6: fix crash on ICMPv6 redirects with prohibited/blackholed source
There are other error values besides ip6_null_entry that can be returned by ip6_route_redirect(): fib6_rule_action() can also result in ip6_blk_hole_entry and ip6_prohibit_entry if such ip rules are installed. Only checking for ip6_null_entry in rt6_do_redirect() causes ip6_ins_rt() to be called with rt->rt6i_table == NULL in these cases, making the kernel crash. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/route.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 946880ad48ac..cc88a73b9ce0 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2099,7 +2099,6 @@ static int ip6_route_del(struct fib6_config *cfg)
static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb)
{
- struct net *net = dev_net(skb->dev);
struct netevent_redirect netevent;
struct rt6_info *rt, *nrt = NULL;
struct ndisc_options ndopts;
@@ -2160,7 +2159,7 @@ static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_bu
}
rt = (struct rt6_info *) dst;
- if (rt == net->ipv6.ip6_null_entry) {
+ if (rt->rt6i_flags & RTF_REJECT) {
net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n");
return;
}