[IPV6]: Check outgoing interface even if source address is unspecified.

The outgoing interface index (ipi6_ifindex) in IPV6_PKTINFO
ancillary data, is not checked if the source address (ipi6_addr)
is unspecified.  If the ipi6_ifindex is the not-exist interface,
it should be fail.

Based on patch from Shan Wei <shanwei@cn.fujitsu.com> and
Brian Haley <brian.haley@hp.com>.

Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 94fa6ae..53e3883 100644 (file)
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -509,7 +509,6 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
 
        for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
                int addr_type;
-               struct net_device *dev = NULL;
 
                if (!CMSG_OK(msg, cmsg)) {
                        err = -EINVAL;
@@ -522,6 +521,9 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
                switch (cmsg->cmsg_type) {
                case IPV6_PKTINFO:
                case IPV6_2292PKTINFO:
+                   {
+                       struct net_device *dev = NULL;
+
                        if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct in6_pktinfo))) {
                                err = -EINVAL;
                                goto exit_f;
@@ -535,32 +537,32 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
                                fl->oif = src_info->ipi6_ifindex;
                        }
 
-                       addr_type = ipv6_addr_type(&src_info->ipi6_addr);
+                       addr_type = __ipv6_addr_type(&src_info->ipi6_addr);
 
-                       if (addr_type == IPV6_ADDR_ANY)
-                               break;
+                       if (fl->oif) {
+                               dev = dev_get_by_index(&init_net, fl->oif);
+                               if (!dev)
+                                       return -ENODEV;
+                       } else if (addr_type & IPV6_ADDR_LINKLOCAL)
+                               return -EINVAL;
 
-                       if (addr_type & IPV6_ADDR_LINKLOCAL) {
-                               if (!src_info->ipi6_ifindex)
-                                       return -EINVAL;
-                               else {
-                                       dev = dev_get_by_index(&init_net, src_info->ipi6_ifindex);
-                                       if (!dev)
-                                               return -ENODEV;
-                               }
-                       }
-                       if (!ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
-                                          dev, 0)) {
-                               if (dev)
-                                       dev_put(dev);
-                               err = -EINVAL;
-                               goto exit_f;
+                       if (addr_type != IPV6_ADDR_ANY) {
+                               int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
+                               if (!ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
+                                                  strict ? dev : NULL, 0))
+                                       err = -EINVAL;
+                               else
+                                       ipv6_addr_copy(&fl->fl6_src, &src_info->ipi6_addr);
                        }
+
                        if (dev)
                                dev_put(dev);
 
-                       ipv6_addr_copy(&fl->fl6_src, &src_info->ipi6_addr);
+                       if (err)
+                               goto exit_f;
+
                        break;
+                   }
 
                case IPV6_FLOWINFO:
                        if (cmsg->cmsg_len < CMSG_LEN(4)) {