Prevent userland to modify RTF_LOCAL route entries.

In particular setting an expiration timer on a route entry which would confuse L2 state machines. ok bluhm@
author: mpi <mpi@openbsd.org> 2017-08-10 13:00:30 +0000
committer: mpi <mpi@openbsd.org> 2017-08-10 13:00:30 +0000
commit: 6b46b110a10e7c615fdd01eb0c2c086cffc3902b (patch)
tree: c6feedbae36c9b4cb7bb6eb62a947638752a841a
parent: Remove some case statements which have been compiled out since 2000. (diff)
download: wireguard-openbsd-6b46b110a10e7c615fdd01eb0c2c086cffc3902b.tar.xz
wireguard-openbsd-6b46b110a10e7c615fdd01eb0c2c086cffc3902b.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 5f12aca5f76..efcc5012d39 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtsock.c,v 1.246 2017/08/02 07:42:11 mpi Exp $	*/
+/*	$OpenBSD: rtsock.c,v 1.247 2017/08/10 13:00:30 mpi Exp $	*/
 /*	$NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $	*/
 
 /*
@@ -867,6 +867,15 @@ rtm_output(struct rt_msghdr *rtm, struct rtentry **prt,
 		}
 
 		/*
+		 * Make sure that local routes are only modified by the
+		 * kernel.
+		 */
+		if (ISSET(rt->rt_flags, RTF_LOCAL|RTF_BROADCAST)) {
+			error = EINVAL;
+			break;
+		}
+
+		/*
 		 * RTM_CHANGE/LOCK need a perfect match.
 		 */
 		plen = rtable_satoplen(info->rti_info[RTAX_DST]->sa_family,
author	mpi <mpi@openbsd.org>	2017-08-10 13:00:30 +0000
committer	mpi <mpi@openbsd.org>	2017-08-10 13:00:30 +0000
commit	6b46b110a10e7c615fdd01eb0c2c086cffc3902b (patch)
tree	c6feedbae36c9b4cb7bb6eb62a947638752a841a
parent	Remove some case statements which have been compiled out since 2000. (diff)
download	wireguard-openbsd-6b46b110a10e7c615fdd01eb0c2c086cffc3902b.tar.xz wireguard-openbsd-6b46b110a10e7c615fdd01eb0c2c086cffc3902b.zip