lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 24 Jan 2013 12:01:01 +0300
From:	Dan Carpenter <dan.carpenter@...cle.com>
To:	walter harms <wharms@....de>
Cc:	"David S. Miller" <davem@...emloft.net>,
	Alexey Kuznetsov <kuznet@....inr.ac.ru>,
	James Morris <jmorris@...ei.org>,
	Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
	Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Subject: Re: [patch] ip6mr: limit IPv6 MRT_TABLE identifiers

On Thu, Jan 24, 2013 at 09:22:56AM +0100, walter harms wrote:
> 
> 
> Am 24.01.2013 07:38, schrieb Dan Carpenter:
> > We did this for IPv4 in b49d3c1e1c "net: ipmr: limit MRT_TABLE
> > identifiers" but we need to do it for IPv6 as well.  On IPv6 the name
> > is "pim6reg" instead of "pimreg" so there is one less digit allowed.
> > 
> > The strcpy() is in ip6mr_reg_vif().
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
> > 
> > diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
> > index acc3249..351ce98 100644
> > --- a/net/ipv6/ip6mr.c
> > +++ b/net/ipv6/ip6mr.c
> > @@ -1766,6 +1766,9 @@ int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, uns
> >  			return -EINVAL;
> >  		if (get_user(v, (u32 __user *)optval))
> >  			return -EFAULT;
> > +		/* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
> > +		if (v != RT_TABLE_DEFAULT && v >= 100000000)
> > +			return -EINVAL;
> >  		if (sk == mrt->mroute6_sk)
> >  			return -EBUSY;
> >  
> hi Dan,
> that comment left me in a bit confused, i guess you men
>   printf( "pim6reg%u",v) should not exceed IFNAMSIZ (16 bytes) ?

Yes.

> also the if is a bit strange, i assume that RT_TABLE_DEFAULT is const
> so anything else is rejected than v==RT_TABLE_DEFAULT
> (assuming that RT_TABLE_DEFAULT >= 100000000 ....)

I don't understand what you are saying.

The patch is basically copy and pasted from b49d3c1e1c "net: ipmr:
limit MRT_TABLE identifiers".  RT6_TABLE_DFLT is allowed to be a
high number because in ip6mr_reg_vif() we do:

        if (mrt->id == RT6_TABLE_DFLT)
                sprintf(name, "pim6reg");
        else
                sprintf(name, "pim6reg%u", mrt->id);

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ