ipv6: do not set routes if disable_ipv6 has been enabled

Do not allow setting ipv6 routes from userspace if disable_ipv6 has been enabled. The issue can be triggered using the following reproducer: - sysctl net.ipv6.conf.all.disable_ipv6=1 - ip -6 route add a:b:c:d::/64 dev em1 - ip -6 route show a:b:c:d::/64 dev em1 metric 1024 pref medium Fix it checking disable_ipv6 value in ip6_route_info_create routine Signed-off-by: Lorenzo Bianconi <[email protected]> Signed-off-by: David S. Miller <[email protected]>
AXP-OS · Mar 30, 2018 · 428604f · 428604f
1 parent d162190
commit 428604f
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
@@ -2917,6 +2917,12 @@ static struct rt6_info *ip6_route_info_create(struct fib6_config *cfg,
 	if (!dev)
 		goto out;
 
+	if (idev->cnf.disable_ipv6) {
+		NL_SET_ERR_MSG(extack, "IPv6 is disabled on nexthop device");
+		err = -EACCES;
+		goto out;
+	}
+
 	if (!(dev->flags & IFF_UP)) {
 		NL_SET_ERR_MSG(extack, "Nexthop device is not up");
 		err = -ENETDOWN;