It is possible to configure IP interfaces with IPv4-mapped addresses, and
one can add IPv6 routes for IPv4-mapped destinations/prefixes, yet prior
to this fix the kernel returned an EINVAL when attempting to add an IPv6
route with an IPv4-mapped address as a nexthop/gateway.
RFC 4798 (a proposed standard RFC) uses IPv4-mapped addresses as nexthops,
thus in order to support that type of address configuration the kernel
needs to allow IPv4-mapped addresses as nexthops.
Signed-off-by: Erik Nordmark <nordmark@arista.com>
Signed-off-by: Bob Gilligan <gilligan@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.5&id=96d5822c1d812ed30da035795a4408f43fe533f3
__tcp_splice_read() returns 0, and sk_wait_data() immediately
returns since there is the problematic skb in queue.
This is a nice way to burn cpu (aka infinite loop) and trigger
soft lockups.
Again, this gem was found by syzkaller tool.
Fixes: 9c55e01c0cc8 ("[TCP]: Splice receive support.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/tcp.c?h=v5.5&id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82
Finally :-)
fix for: emf was not working at all! See log file ...
Jan 1 01:00:09 Tomato-Router kern.warn kernel: EMF Instance doesn't exist
Jan 1 01:00:09 Tomato-Router kern.warn kernel: IGMP Snooper couldn't register with EMF
Jan 1 01:00:09 Tomato-Router kern.warn kernel: IGSC init failed
tested with RT-N18U, working!
- pppd.h: Add missing headers
Signed-off-by: Rosen Penev <rosenp@gmail.com>
03104baaa8
- pppd: Don't free static string
Commit fcb076c ("Various fixes for errors found by coverity static
analysis (#109)", 2019-05-06) added statements to free the result
returned from get_first_ethernet(). However, the result of
get_first_ethernet() is not dynamically allocated, either on Linux
or Solaris. Hence this removes the unnecessary (and dangerous)
free() statements.
Fixes: fcb076c ("Various fixes for errors found by coverity static analysis (#109)")
Reported-by: Florian Kohnhäuser <florian@kohnhaeuser.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
09f695f09e
- pppd: Limit memory accessed by string formats with max length specified
Currently, calls to [v]slprintf that have a string format (%s, %v,
%q) with a maximum length specified (e.g. %.20s) do a strlen() on
the string, and can therefore access memory beyond the maximum
length specified. If the string is not null-terminated, this could
result in an out-of-bounds read.
This makes vslprintf use strnlen() in cases where a maximum length
has been specified, so that we don't access the string beyond the
maximum length that was given.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
b311e98b1d
- pppd: Make sure word read from options file is null-terminated
If a word read from an options file was longer than MAXWORDLEN,
we could pass it to option_error() without null termination,
which could have lead to an out-of-bounds access in vslprintf.
Make sure word[] is null terminated in all cases.
Reported-by: Florian Kohnhäuser <florian@kohnhaeuser.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
c10c3c7cb3
- pppd: Avoid use of strnlen (and strlen) in vslprintf
Commit b311e98 ("pppd: Limit memory accessed by string formats with
max length specified") added calls to strnlen() in vslprintf().
Unfortunately, strnlen() is not provided in some standard C libraries.
This changes the code to avoid using strnlen(). Using the observation
that the number of characters we can use from the input string is
bounded by buflen, the number of bytes of output buffer available,
we can also avoid doing strlen() on a potentially long string.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
5d034034a6
- commit #5c08f06 introduced an upstream change: 'Use openssl for DES instead of libcrypt / glibc', with no choice of libcrypt (only libdes and OpenSSL).
It requires OpenSSL 1.0.2 and prevents compilation with OpenSSL 1.1. This commit fixes it.
Based on PR: 264707afd0
M_ars
pedro