Bug 255273 - routed: mask sin_len too small
Summary: routed: mask sin_len too small
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 13.0-RELEASE
Hardware: amd64 Any
: --- Affects Some People
Assignee: Alexander V. Chernikov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-20 16:57 UTC by Nathan Whitehorn
Modified: 2021-05-02 19:01 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nathan Whitehorn freebsd_committer 2021-04-20 16:57:52 UTC
Route installation using routed(8) fails on 13.0 with EINVAL and one instance of "mask sin_len too small" in the kernel message buffer per attempted route installation. The issue seems to have come in with this kernel commit:

https://cgit.freebsd.org/src/commit/?id=2fe5a79425c79f7b828acd91da66d97230925fc8
Comment 1 Alexander V. Chernikov freebsd_committer 2021-04-20 20:30:22 UTC
Hi Nathan,

https://reviews.freebsd.org/D29826 should the problem.
I'll test it with routed today, however, if you by any chance could give it a try as well, that would be awesome!
Comment 2 Alexander V. Chernikov freebsd_committer 2021-04-20 20:30:44 UTC
(In reply to Alexander V. Chernikov from comment #1)
* should fix the problem
Comment 3 commit-hook freebsd_committer 2021-04-20 21:35:29 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=b31fbebeb3d59af359a3417cddfbcf666b2c56c9

commit b31fbebeb3d59af359a3417cddfbcf666b2c56c9
Author:     Alexander V. Chernikov <melifaro@FreeBSD.org>
AuthorDate: 2021-04-19 20:49:18 +0000
Commit:     Alexander V. Chernikov <melifaro@FreeBSD.org>
CommitDate: 2021-04-20 21:34:19 +0000

    Relax rtsock message restrictions.

    Address multiple issues with strict rtsock message validation.

    D28668 "normalisation" approach was based on the assumption that
     we always have at least "standard" sockaddr len.
    It turned out to be false - certain older applications like quagga
     or routed abuse sin[6]_len field and set it to the offset to the
     first fully-zero bit in the mask. It is impossible to normalise
     such sockaddrs without reallocation.

    With that in mind, change the approach to use a distinct memory
     buffer for the altered sockaddrs. This allows supporting the older
     software while maintaining the guarantee on the "standard" sockaddrs.

    PR:     255273,255089
    Differential Revision:  https://reviews.freebsd.org/D29826
    MFC after:      3 days

 sys/net/rtsock.c | 271 ++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 177 insertions(+), 94 deletions(-)
Comment 4 commit-hook freebsd_committer 2021-04-26 09:12:21 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=6f1e5d9169a9cbd65b480cb7c1012c3360d2ba06

commit 6f1e5d9169a9cbd65b480cb7c1012c3360d2ba06
Author:     Alexander V. Chernikov <melifaro@FreeBSD.org>
AuthorDate: 2021-04-19 20:49:18 +0000
Commit:     Alexander V. Chernikov <melifaro@FreeBSD.org>
CommitDate: 2021-04-26 08:48:47 +0000

    Relax rtsock message restrictions.

    Address multiple issues with strict rtsock message validation.

    D28668 "normalisation" approach was based on the assumption that
     we always have at least "standard" sockaddr len.
    It turned out to be false - certain older applications like quagga
     or routed abuse sin[6]_len field and set it to the offset to the
     first fully-zero bit in the mask. It is impossible to normalise
     such sockaddrs without reallocation.

    With that in mind, change the approach to use a distinct memory
     buffer for the altered sockaddrs. This allows supporting the older
     software while maintaining the guarantee on the "standard" sockaddrs.

    PR:     255273,255089
    Differential Revision:  https://reviews.freebsd.org/D29826
    MFC after:      3 days

    (cherry picked from commit b31fbebeb3d59af359a3417cddfbcf666b2c56c9)

 sys/net/rtsock.c | 271 ++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 177 insertions(+), 94 deletions(-)