| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 03 Jan 2011 11:04:18 +0100
From: Johannes Berg <johannes@...solutions.net>
To: "Winkler, Tomas" <tomas.winkler@...el.com>
Cc: "davem@...emloft.net" <davem@...emloft.net>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Stephen Hemminger <shemminger@...tta.com>
Subject: RE: [PATCH 1/1 V3] bridge: fix br_multicast_ipv6_rcv for paged skbs
On Mon, 2011-01-03 at 11:43 +0200, Winkler, Tomas wrote:
> > > - struct mld_msg *mld = (struct mld_msg *)icmp6h;
> > > + struct mld_msg *mld;
> > > + if (!pskb_may_pull(skb2, sizeof(*mld))) {
> > > + err = -EINVAL;
> > > + goto out;
> > > + }
> > > + mld = (struct mld_msg *)icmp6h;
> >
> > This (and the second instance) is incorrect afaict -- the pointer
> > "icmp6h" should be reloaded after the pskb_may_pull(), no?
>
> mld_msg is bigger than icmp6h by sizeof(in6_addr) so we have to try pull again a bigger chunk.
Right, I know, the pskb_may_pull() is needed, but I believe you need to
re-calculate icmp6h here.
> > Also, the "out_nopush" thing is pointless since the push is completely
> > unnecessary as "skb2 != skb" is always true.
>
> You are right if skb_clone doesn't return the same pointer then yes.
> Shame, but I'm not a sbk expert. I'm diving into it now.
I'm pretty sure it's guaranteed to return a new pointer.
johannes
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists