Hi!
The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
I could not find better place to reply.
I see this patch is queued for 5.10 and 4.19. But it is wrong:
From 4619bcf91399f00a40885100fb61d594d8454033 Mon Sep 17 00:00:00 2001
From: David Ahern dsahern@kernel.org Date: Thu, 30 Dec 2021 17:36:33 -0700 Subject: [PATCH] ipv6: Check attribute length for RTA_GATEWAY in multipath route
Commit referenced in the Fixes tag used nla_memcpy for RTA_GATEWAY as does the current nla_get_in6_addr. nla_memcpy protects against accessing memory greater than what is in the attribute, but there is no check requiring the attribute to have an IPv6 address. Add it.
Fixes: 51ebd3181572 ("ipv6: add support of equal cost multipath (ECMP)")
...> @@ -5264,7 +5277,13 @@ static int ip6_route_multipath_add(struct fib6_config *cfg,
nla = nla_find(attrs, attrlen, RTA_GATEWAY); if (nla) {
r_cfg.fc_gateway = nla_get_in6_addr(nla);
int ret;
ret = fib6_gw_from_attr(&r_cfg.fc_gateway, nla,
extack);
if (ret)
return ret;
Direct return may not be used here. It needs to goto cleanup.
It is already fixed in mainline, so you can probably just cherry-pick followup patch, too.
Best regards, Pavel