Date:	Fri, 18 May 2007 03:57:53 +0300 (EEST)
From:	Julian Anastasov <ja@....bg>
To:	Patrick McHardy <kaber@...sh.net>
cc:	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
	James Morris <jmorris@...ei.org>,
	Curtis Doty <Curtis@...enKey.net>
Subject: Re: oops in net/ipv4/icmp.c:icmp_send() with icmp_errors_use_inbound_ifaddr
 (fwd)


	Hello,

On Thu, 17 May 2007, Patrick McHardy wrote:

> > saddr = iph->daddr;
> > if (!(rt->rt_flags & RTCF_LOCAL)) {
> >         if (sysctl_icmp_errors_use_inbound_ifaddr)
> >                 saddr = inet_select_addr(skb_in->dev, 0, RT_SCOPE_LINK);
> >         else
> >                 saddr = 0;
> > }

	While we are fixing this problem, would adding more logic
for the sysctl_icmp_errors_use_inbound_ifaddr case still work for its
users (untested code follows)?

	if (!(rt->rt_flags & RTCF_LOCAL)) {
		if (sysctl_icmp_errors_use_inbound_ifaddr && rt->fl.iif)
			saddr = inet_select_addr(skb_in->dev, iph->saddr,
				(rt->rt_flags & RTCF_DIRECTSRC) ?
				RT_SCOPE_LINK : RT_SCOPE_UNIVERSE);
		else
			saddr = 0;
	}

	Because this inet_select_addr call is too risky, it blindly uses
the first address (usually scope link). So,

- assume sysctl_icmp_errors_use_inbound_ifaddr is for packets from the network,
work for input routes only (replaces the check for skb_in->dev)

- prefer a local address from the same subnet as the sender (iph->saddr) or
it should be the target: icmp_param.replyopts.srr ?
icmp_param.replyopts.faddr : iph->saddr as used below? Useful when the input
interface has many subnets.

- don't expose link addresses to the sender if they are not known to it; the
sender should be onlink to see them. If the sender is not onlink and all our
addresses on the input interface are scope link, then we cannot expose such
addresses: we risk sending from a private address, for example, when our uplink
interface has only private addresses to talk with the gateway and our
public IP is on an internal interface where we are the router for a public subnet.
If we cannot select an address, the routing still has a chance to do it
(from prefsrc or another interface).

	Also, are there any problems if icmp_send happens after SNAT changes
the source? Or is that not possible? Because we think iph->saddr is
the sender (target for our ICMP).

Regards

--
Julian Anastasov <ja@....bg>
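
An added example, not part of the original message or of the kernel source: a user-space C model of the source-address choice discussed above, comparing the quoted call with the proposed one on an uplink that has only a private link-scope address and on an interface with two subnets. The struct, the function names and the sample addresses are constructed for illustration, and `select_addr` is a simplified single-interface stand-in for `inet_select_addr`, not the kernel function.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Same numeric values as RT_SCOPE_UNIVERSE / RT_SCOPE_LINK: larger = narrower. */
enum { SCOPE_UNIVERSE = 0, SCOPE_LINK = 253 };
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
struct ifaddr { uint32_t local, mask; int scope; };

/* Constructed sample interfaces (not from the thread). */
static const struct ifaddr uplink[] = { { IP(10, 0, 0, 2), 0xFFFFFFFCu, SCOPE_LINK } };
static const struct ifaddr lan[] = {             /* two subnets on one interface */
    { IP(192, 0, 2, 1),   0xFFFFFF80u, SCOPE_UNIVERSE },
    { IP(192, 0, 2, 129), 0xFFFFFF80u, SCOPE_UNIVERSE },
};

/* Simplified single-interface model (assumption): skip addresses narrower than
 * max_scope, return the first one on dst's subnet (or the first acceptable one
 * when dst is 0), else the first acceptable address, else 0. */
static uint32_t select_addr(const struct ifaddr *ifa, size_t n, uint32_t dst, int max_scope)
{
    uint32_t fallback = 0;
    for (size_t i = 0; i < n; i++) {
        if (ifa[i].scope > max_scope)
            continue;
        if (!dst || ((dst ^ ifa[i].local) & ifa[i].mask) == 0)
            return ifa[i].local;
        if (!fallback)
            fallback = ifa[i].local;
    }
    return fallback;
}

/* Quoted behaviour: no destination hint, link scope always allowed. */
static uint32_t src_quoted(const struct ifaddr *ifa, size_t n) { return select_addr(ifa, n, 0, SCOPE_LINK); }

/* Proposed behaviour: input routes only (rt->fl.iif), sender's subnet preferred,
 * link-scope addresses only for on-link senders (RTCF_DIRECTSRC). 0 = routing picks. */
static uint32_t src_proposed(const struct ifaddr *ifa, size_t n, uint32_t sender, int input_route, int onlink)
{
    if (!input_route)
        return 0;
    return select_addr(ifa, n, sender, onlink ? SCOPE_LINK : SCOPE_UNIVERSE);
}

int main(void)
{
    printf("%08x %08x\n", (unsigned)src_quoted(uplink, 1), (unsigned)src_proposed(uplink, 1, IP(198, 51, 100, 7), 1, 0));
    return 0;
}
```

With the constructed uplink, the quoted form answers a remote sender from the private 10.0.0.2 address, while the proposed form returns 0 and leaves the choice to routing.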