lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 7 Jun 2008 12:01:51 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: netdev@...r.kernel.org Cc: bugme-daemon@...zilla.kernel.org, benedikt@...latz.net Subject: Re: [Bugme-new] [Bug 10880] New: include/linux/if_addr.h: negative preferred lifetimes of addresses On Sat, 7 Jun 2008 03:04:43 -0700 (PDT) bugme-daemon@...zilla.kernel.org wrote: > http://bugzilla.kernel.org/show_bug.cgi?id=10880 > > Summary: include/linux/if_addr.h: negative preferred lifetimes of > addresses > Product: Networking > Version: 2.5 > KernelVersion: 2.6.25.4 > Platform: All > OS/Version: Linux > Tree: Mainline > Status: NEW > Severity: normal > Priority: P1 > Component: IPV6 > AssignedTo: yoshfuji@...ux-ipv6.org > ReportedBy: benedikt@...latz.net > > > Recently, I noticed that iproute2 would return me preferred lifetimes of IPv6 > adresses close to 2^32 on links where prefixes are advertised with a preferred > lifetime of 0. A quick look into the source revealed that the preferred > lifetime is output using a format string containing "%u"; the incriminating > lines being > > struct ifa_cacheinfo *ci = RTA_DATA(rta_tb[IFA_CACHEINFO]); > char buf[128]; > fprintf(fp, "%s", _SL_); > [...] > if (ci->ifa_prefered == INFINITY_LIFE_TIME) > sprintf(buf+strlen(buf), " preferred_lft forever"); > else > sprintf(buf+strlen(buf), " preferred_lft %usec", > ci->ifa_prefered); > fprintf(fp, " %s", buf); > > When calling iproute2 oftenly shortly after a prefix has been advertised on the > link, one could see that there actually was an integer underflow going on (the > output changed from "0" to "forever" to 2^32-1). > > Interestringly, if_addr.h does define ifa_prefered to be a __u32, so iproute2 > merely implements the interface. RFC4862 mandates that the preferred lifetime > always is lower than or equal to the valid lifetime, which is also defined to > be a __u32. > > I'm certainly no expert in the linux kernel code, but this looks like a bug to > me. Why is ifa_prefered defined to be non-negative? > > Benedikt > > > -- > Configure bugmail: http://bugzilla.kernel.org/userprefs.cgi?tab=email > ------- You are receiving this mail because: ------- > You are on the CC list for the bug, or are watching someone who is. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists