mctp: add address validity checking for packet receive
authorJeremy Kerr <jk@codeconstruct.com.au>
Fri, 18 Feb 2022 04:25:54 +0000 (12:25 +0800)
committerJakub Kicinski <kuba@kernel.org>
Sat, 19 Feb 2022 05:24:29 +0000 (21:24 -0800)
This change adds some basic sanity checks for the source and dest
headers of packets on initial receive.

Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/mctp/route.c

index 6a11d78cfbab77c840cdf8c646c63120b439ee1e..fe6c8bf1ec2c660caae3d7aa777a24ca145744bc 100644 (file)
@@ -1092,6 +1092,17 @@ static int mctp_pkttype_receive(struct sk_buff *skb, struct net_device *dev,
        if (mh->ver < MCTP_VER_MIN || mh->ver > MCTP_VER_MAX)
                goto err_drop;
 
+       /* source must be valid unicast or null; drop reserved ranges and
+        * broadcast
+        */
+       if (!(mctp_address_unicast(mh->src) || mctp_address_null(mh->src)))
+               goto err_drop;
+
+       /* dest address: as above, but allow broadcast */
+       if (!(mctp_address_unicast(mh->dest) || mctp_address_null(mh->dest) ||
+             mctp_address_broadcast(mh->dest)))
+               goto err_drop;
+
        /* MCTP drivers must populate halen/haddr */
        if (dev->type == ARPHRD_MCTP) {
                cb = mctp_cb(skb);