diff options
6 files changed, 219 insertions, 1 deletions
diff --git a/net-misc/batman-adv/ChangeLog b/net-misc/batman-adv/ChangeLog index 52c0748b36eb..f4fd4fda8963 100644 --- a/net-misc/batman-adv/ChangeLog +++ b/net-misc/batman-adv/ChangeLog @@ -1,6 +1,20 @@ # ChangeLog for net-misc/batman-adv # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/batman-adv/ChangeLog,v 1.10 2013/01/14 11:08:42 xmw Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/batman-adv/ChangeLog,v 1.11 2013/02/17 21:57:32 xmw Exp $ + +*batman-adv-2013.0.0_p20130215 (17 Feb 2013) + + 17 Feb 2013; Michael Weber <xmw@gentoo.org> + +batman-adv-2013.0.0_p20130215.ebuild, + +files/batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.pat + ch, + +files/batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.pat + ch, + +files/batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.pat + ch, + +files/batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.pat + ch: + Version bump to patchset of Feb 15th. Thanks Antonio Quartulli, bug 457826. *batman-adv-2013.0.0 (14 Jan 2013) diff --git a/net-misc/batman-adv/batman-adv-2013.0.0_p20130215.ebuild b/net-misc/batman-adv/batman-adv-2013.0.0_p20130215.ebuild new file mode 100644 index 000000000000..d7836ac8c434 --- /dev/null +++ b/net-misc/batman-adv/batman-adv-2013.0.0_p20130215.ebuild @@ -0,0 +1,46 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/batman-adv/batman-adv-2013.0.0_p20130215.ebuild,v 1.1 2013/02/17 21:57:32 xmw Exp $ + +EAPI=4 + +MY_P=${PN}-2013.0.0 +S=${WORKDIR}/${MY_P} +CONFIG_CHECK="~!CONFIG_BATMAN_ADV" +MODULE_NAMES="${PN}(net:${S}:${S})" +BUILD_TARGETS="all" + +inherit base linux-mod + +DESCRIPTION="Better approach to mobile Ad-Hoc networking on layer 2 kernel module" +HOMEPAGE="http://www.open-mesh.org/" +SRC_URI="http://downloads.open-mesh.org/batman/stable/sources/${PN}/${MY_P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="bla dat debug" + +DEPEND="" +RDEPEND="" + +PATCHES=( + "${FILESDIR}"/${MY_P}-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch + "${FILESDIR}"/${MY_P}-0002-check-for-more-types-of-invalid-IP-addres.patch + "${FILESDIR}"/${MY_P}-0003-filter-ARP-packets-with-invalid-MAC-addre.patch + "${FILESDIR}"/${MY_P}-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch +) + +src_compile() { + BUILD_PARAMS="CONFIG_BATMAN_ADV_DEBUG=$(use debug && echo y || echo n)" + BUILD_PARAMS+=" CONFIG_BATMAN_ADV_BLA=$(use bla && echo y || echo n)" + BUILD_PARAMS+=" CONFIG_BATMAN_ADV_DAT=$(use dat && echo y || echo n)" + export BUILD_PARAMS + export KERNELPATH="${KERNEL_DIR}" + linux-mod_src_compile +} + +src_install() { + linux-mod_src_install + dodoc README CHANGELOG +} diff --git a/net-misc/batman-adv/files/batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch b/net-misc/batman-adv/files/batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch new file mode 100644 index 000000000000..9f6c0ffcd086 --- /dev/null +++ b/net-misc/batman-adv/files/batman-adv-2013.0.0-0001-fix-skb-leak-in-batadv_dat_snoop_incoming.patch @@ -0,0 +1,33 @@ +From 977d8c6f9253ad71e4bd8e4be2705c3bee684feb Mon Sep 17 00:00:00 2001 +From: Matthias Schiffer <mschiffer@universe-factory.net> +Date: Wed, 23 Jan 2013 18:11:53 +0100 +Subject: [PATCH 1/4] batman-adv: fix skb leak in + batadv_dat_snoop_incoming_arp_reply() + +The callers of batadv_dat_snoop_incoming_arp_reply() assume the skb has been +freed when it returns true; fix this by calling kfree_skb before returning as +it is done in batadv_dat_snoop_incoming_arp_request(). + +Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> +Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> +Acked-by: Antonio Quartulli <ordex@autistici.org> +--- + distributed-arp-table.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/distributed-arp-table.c b/distributed-arp-table.c +index 7485a78..9f4cff3 100644 +--- a/distributed-arp-table.c ++++ b/distributed-arp-table.c +@@ -1012,6 +1012,8 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv, + */ + ret = !batadv_is_my_client(bat_priv, hw_dst); + out: ++ if (ret) ++ kfree_skb(skb); + /* if ret == false -> packet has to be delivered to the interface */ + return ret; + } +-- +1.8.1.2 + diff --git a/net-misc/batman-adv/files/batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch b/net-misc/batman-adv/files/batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch new file mode 100644 index 000000000000..4829491a491d --- /dev/null +++ b/net-misc/batman-adv/files/batman-adv-2013.0.0-0002-check-for-more-types-of-invalid-IP-addres.patch @@ -0,0 +1,36 @@ +From 3b24193d7cfc18f0cc005811ca4aab3479c2f1c6 Mon Sep 17 00:00:00 2001 +From: Matthias Schiffer <mschiffer@universe-factory.net> +Date: Thu, 24 Jan 2013 18:18:26 +0100 +Subject: [PATCH 2/4] batman-adv: check for more types of invalid IP addresses + in DAT + +There are more types of IP addresses that may appear in ARP packets that we +don't want to process. While some of these should never appear in sane ARP +packets, a 0.0.0.0 source is used for duplicate address detection and thus seen +quite often. + +Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> +Acked-by: Antonio Quartulli <ordex@autistici.org> +Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> +--- + distributed-arp-table.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/distributed-arp-table.c b/distributed-arp-table.c +index 9f4cff3..be3be28 100644 +--- a/distributed-arp-table.c ++++ b/distributed-arp-table.c +@@ -777,7 +777,9 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv, + ip_src = batadv_arp_ip_src(skb, hdr_size); + ip_dst = batadv_arp_ip_dst(skb, hdr_size); + if (ipv4_is_loopback(ip_src) || ipv4_is_multicast(ip_src) || +- ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst)) ++ ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst) || ++ ipv4_is_zeronet(ip_src) || ipv4_is_lbcast(ip_src) || ++ ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst)) + goto out; + + type = ntohs(arphdr->ar_op); +-- +1.8.1.2 + diff --git a/net-misc/batman-adv/files/batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch b/net-misc/batman-adv/files/batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch new file mode 100644 index 000000000000..e3cc165f24af --- /dev/null +++ b/net-misc/batman-adv/files/batman-adv-2013.0.0-0003-filter-ARP-packets-with-invalid-MAC-addre.patch @@ -0,0 +1,51 @@ +From ab361a9ccc584e7501c06bfe1c00cb0411feebaf Mon Sep 17 00:00:00 2001 +From: Matthias Schiffer <mschiffer@universe-factory.net> +Date: Thu, 24 Jan 2013 18:18:27 +0100 +Subject: [PATCH 3/4] batman-adv: filter ARP packets with invalid MAC addresses + in DAT + +We never want multicast MAC addresses in the Distributed ARP Table, so it's +best to completely ignore ARP packets containing them where we expect unicast +addresses. + +Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> +Acked-by: Antonio Quartulli <ordex@autistici.org> +Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> +--- + distributed-arp-table.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/distributed-arp-table.c b/distributed-arp-table.c +index be3be28..ea0bd31 100644 +--- a/distributed-arp-table.c ++++ b/distributed-arp-table.c +@@ -738,6 +738,7 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv, + struct arphdr *arphdr; + struct ethhdr *ethhdr; + __be32 ip_src, ip_dst; ++ uint8_t *hw_src, *hw_dst; + uint16_t type = 0; + + /* pull the ethernet header */ +@@ -782,6 +783,18 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv, + ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst)) + goto out; + ++ hw_src = batadv_arp_hw_src(skb, hdr_size); ++ if (is_zero_ether_addr(hw_src) || is_multicast_ether_addr(hw_src)) ++ goto out; ++ ++ /* we don't care about the destination MAC address in ARP requests */ ++ if (arphdr->ar_op != htons(ARPOP_REQUEST)) { ++ hw_dst = batadv_arp_hw_dst(skb, hdr_size); ++ if (is_zero_ether_addr(hw_dst) || ++ is_multicast_ether_addr(hw_dst)) ++ goto out; ++ } ++ + type = ntohs(arphdr->ar_op); + out: + return type; +-- +1.8.1.2 + diff --git a/net-misc/batman-adv/files/batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch b/net-misc/batman-adv/files/batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch new file mode 100644 index 000000000000..bdd4bd4cd29f --- /dev/null +++ b/net-misc/batman-adv/files/batman-adv-2013.0.0-0004-Fix-NULL-pointer-dereference-in-DAT-hash-.patch @@ -0,0 +1,38 @@ +From 9f1fb6914d66e282c2b1f51aa2d4a231c84df84d Mon Sep 17 00:00:00 2001 +From: Pau Koning <paukoning@gmail.com> +Date: Fri, 15 Feb 2013 00:18:56 +0100 +Subject: [PATCH 4/4] batman-adv: Fix NULL pointer dereference in DAT hash + collision avoidance + +An entry in DAT with the hashed position of 0 can cause a NULL pointer +dereference when the first entry is checked by batadv_choose_next_candidate. +This first candidate automatically has the max value of 0 and the max_orig_node +of NULL. Not checking max_orig_node for NULL in batadv_is_orig_node_eligible +will lead to a NULL pointer dereference when checking for the lowest address. + +This problem was added in 785ea1144182c341b8b85b0f8180291839d176a8 +("batman-adv: Distributed ARP Table - create DHT helper functions"). + +Signed-off-by: Pau Koning <paukoning@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> +--- + distributed-arp-table.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/distributed-arp-table.c b/distributed-arp-table.c +index ea0bd31..761a590 100644 +--- a/distributed-arp-table.c ++++ b/distributed-arp-table.c +@@ -440,7 +440,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res, + /* this is an hash collision with the temporary selected node. Choose + * the one with the lowest address + */ +- if ((tmp_max == max) && ++ if ((tmp_max == max) && max_orig_node && + (batadv_compare_eth(candidate->orig, max_orig_node->orig) > 0)) + goto out; + +-- +1.8.1.2 + |