diff options
author | Jeremy Kerr <jk@codeconstruct.com.au> | 2022-02-18 07:25:54 +0300 |
---|---|---|
committer | Joel Stanley <joel@jms.id.au> | 2022-03-18 03:38:47 +0300 |
commit | a6ad1a1074d1604a7e2f602e75f414b4adf643d5 (patch) | |
tree | f1fbbc6f483da552b8938fafa169ee83afc51ca1 /net/mctp | |
parent | 50126574fd6ab6dcaad87b2c0d0c32d74a4e3db2 (diff) | |
download | linux-a6ad1a1074d1604a7e2f602e75f414b4adf643d5.tar.xz |
mctp: add address validity checking for packet receive
This change adds some basic sanity checks for the source and dest
headers of packets on initial receive.
OpenBMC-Staging-Count: 1
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 86cdfd63f25dc1c8f241ee70c58da3c10472b76e)
Signed-off-by: Joel Stanley <joel@jms.id.au>
Diffstat (limited to 'net/mctp')
-rw-r--r-- | net/mctp/route.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/net/mctp/route.c b/net/mctp/route.c index 6a11d78cfbab..fe6c8bf1ec2c 100644 --- a/net/mctp/route.c +++ b/net/mctp/route.c @@ -1092,6 +1092,17 @@ static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev, if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX) goto err_drop; + /* source must be valid unicast or null; drop reserved ranges and + * broadcast + */ + if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src))) + goto err_drop; + + /* dest address: as above, but allow broadcast */ + if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) || + mctp_address_broadcast(mh->dest))) + goto err_drop; + /* MCTP drivers must populate halen/haddr */ if (dev->type == ARPHRD_MCTP) { cb = mctp_cb(skb); |