From 2a30b2bd01c23a7eeace3a3f82c2817227099805 Mon Sep 17 00:00:00 2001 From: Oliver Hartkopp Date: Wed, 25 Jan 2023 06:54:07 +0100 Subject: can: gw: give feedback on missing CGW_FLAGS_CAN_IIF_TX_OK flag To send CAN traffic back to the incoming interface a special flag has to be set. When creating a routing job for identical interfaces without this flag the rule is created but has no effect. This patch adds an error return value in the case that the CAN interfaces are identical but the CGW_FLAGS_CAN_IIF_TX_OK flag was not set. Reported-by: Jannik Hartung Signed-off-by: Oliver Hartkopp Link: https://lore.kernel.org/all/20230125055407.2053-1-socketcan@hartkopp.net Signed-off-by: Marc Kleine-Budde
---
net/can/gw.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'net/can')
diff --git a/net/can/gw.c b/net/can/gw.c
index 23a3d89cad81..37528826935e 100644
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -1139,6 +1139,13 @@ static int cgw_create_job(struct sk_buff *skb, struct nlmsghdr *nlh,
 if (gwj->dst.dev->type != ARPHRD_CAN)
 goto out;
 
+ /* is sending the skb back to the incoming interface intended? */
+ if (gwj->src.dev == gwj->dst.dev &&
+ !(gwj->flags & CGW_FLAGS_CAN_IIF_TX_OK)) {
+ err = -EINVAL;
+ goto out;
+ }
+
 ASSERT_RTNL();
 
 err = cgw_register_filter(net, gwj);
-- cgit v1.2.3
From c6adf659a8ba85913e16a571d5a9bcd17d3d1234 Mon Sep 17 00:00:00 2001
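Review bot: The new rejection in cgw_create_job returns a bare `-EINVAL`, which is presumably shared with other rejection paths in this function, so the requester still cannot tell that the missing CGW_FLAGS_CAN_IIF_TX_OK flag was the cause. If cgw_create_job receives a netlink extended-ack pointer (the parameter list is cut off in the hunk header), adding `NL_SET_ERR_MSG(extack, "identical src/dst interface requires CGW_FLAGS_CAN_IIF_TX_OK");` before the `goto out;` would make the feedback specific. The comment is phrased as a question; a statement such as `/* routing back to the incoming interface must be requested explicitly */` says what the check enforces. Requests that previously created an inert rule now fail, which existing configuration tooling may need to know about. The function body starts and ends outside the hunk.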
From: Oliver Hartkopp Date: Wed, 4 Jan 2023 21:18:44 +0100 Subject: can: isotp: check CAN address family in isotp_bind() Add missing check to block non-AF_CAN binds. Syzbot created some code which matched the right sockaddr struct size but used AF_XDP (0x2C) instead of AF_CAN (0x1D) in the address family field: bind$xdp(r2, &(0x7f0000000540)={0x2c, 0x0, r4, 0x0, r2}, 0x10) ^^^^ This has no funtional impact but the userspace should be notified about the wrong address family field content. Link: https://syzkaller.appspot.com/text?tag=CrashLog&x=11ff9d8c480000 Reported-by: syzbot+5aed6c3aaba661f5b917@syzkaller.appspotmail.com Signed-off-by: Oliver Hartkopp Link: https://lore.kernel.org/all/20230104201844.13168-1-socketcan@hartkopp.net Signed-off-by: Marc Kleine-Budde
---
net/can/isotp.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'net/can')
diff --git a/net/can/isotp.c b/net/can/isotp.c
index 608f8c24ae46..a18450ffae01 100644
--- a/net/can/isotp.c
+++ b/net/can/isotp.c
@@ -1225,6 +1225,9 @@ static int isotp_bind(struct socket *sock, struct sockaddr *uaddr, int len)
 if (len < ISOTP_MIN_NAMELEN)
 return -EINVAL;
 
+ if (addr->can_family != AF_CAN)
+ return -EINVAL;
+
 /* sanitize tx CAN identifier */
 if (tx_id & CAN_EFF_FLAG)
 tx_id &= (CAN_EFF_FLAG | CAN_EFF_MASK);
-- cgit v1.2.3
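Review bot: The added family test in isotp_bind carries no comment, unlike the sanitising block directly below it, and its purpose is not obvious once the length check above has passed. A line such as `/* a sockaddr of matching size may still carry a foreign address family */` would record why it exists. Callers that previously left `can_family` unset and still bound successfully will now receive `-EINVAL`; that behaviour change is not mentioned in the description, which states there is no functional impact. The function continues outside the hunk on both sides.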