lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Apr 2011 13:15:52 +0900 From: Hiroaki SHIMODA <shimoda.hiroaki@...il.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Stephen Hemminger <shemminger@...tta.com>, David Miller <davem@...emloft.net>, lkml@...tdoyle.com, netdev@...r.kernel.org Subject: Re: [PATCH] ip: ip_options_compile() resilient to NULL skb route On Thu, 14 Apr 2011 05:37:43 +0200 Eric Dumazet <eric.dumazet@...il.com> wrote: > Indeed good catch, but should we return 0 or -EINVAL so that caller can > drop packet ? > > @@ -606,7 +606,7 @@ int ip_options_rcv_srr(struct sk_buff *skb) > if (!opt->srr) > return 0; > > - if (skb->pkt_type != PACKET_HOST) > + if (skb->pkt_type != PACKET_HOST || !rt) > return -EINVAL; > if (rt->rt_type == RTN_UNICAST) { > if (!opt->is_strictroute) > As your patch does we don't treat an skb without rt as error on bridge/netfilter context. So, I think returning 0 would be better off. But thinking of ip_options_rcv_srr() is called from another context again adding an extra check in br_parse_ip_options() is safer ? diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index f3bc322..10ac127 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -263,7 +263,7 @@ static int br_parse_ip_options(struct sk_buff *skb) if (in_dev && !IN_DEV_SOURCE_ROUTE(in_dev)) goto drop; - if (ip_options_rcv_srr(skb)) + if (skb_rtable(skb) && ip_options_rcv_srr(skb)) goto drop; } Thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists