net/route: enforce hoplimit max value

[ Upstream commit 626abd59e51d4d8c6367e03aae252a8aa759ac78 ]

Currently, when creating or updating a route, no check is performed
in both ipv4 and ipv6 code to the hoplimit value.

The caller can i.e. set hoplimit to 256, and when such route will
 be used, packets will be sent with hoplimit/ttl equal to 0.

This commit adds checks for the RTAX_HOPLIMIT value, in both ipv4
ipv6 route code, substituting any value greater than 255 with 255.

This is consistent with what is currently done for ADVMSS and MTU
in the ipv4 code.

[js] backport to 3.12: no ip6_convert_metrics yet, fix applied to
     ip6_route_add directly.

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>

2 files changed, 7 insertions, 1 deletions

diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index ec12b169931b..82c28244ad96 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -860,6 +860,8 @@ struct fib_info *fib_create_info(struct fib_config *cfg)
 					val = 65535 - 40;
 				if (type == RTAX_MTU && val > 65535 - 15)
 					val = 65535 - 15;
+				if (type == RTAX_HOPLIMIT && val > 255)
+					val = 255;
 				fi->fib_metrics[type - 1] = val;
 			}
 		}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 0464f9a9d2dc..f862c7688c99 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1670,7 +1670,11 @@ install_route:
 					goto out;
 				}
 
-				dst_metric_set(&rt->dst, type, nla_get_u32(nla));
+				if (type == RTAX_HOPLIMIT && nla_get_u32(nla) > 255)
+					dst_metric_set(&rt->dst, type, 255);
+				else
+					dst_metric_set(&rt->dst, type,
+						nla_get_u32(nla));
 			}
 		}
 	}