lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Nov 2013 10:38:10 -0500 From: Vlad Yasevich <vyasevich@...il.com> To: Daniel Borkmann <dborkman@...hat.com>, davem@...emloft.net CC: netdev@...r.kernel.org, linux-sctp@...r.kernel.org, Wang Weidong <wangweidong1@...wei.com>, Eric Dumazet <eric.dumazet@...il.com> Subject: Re: [PATCH net] net: sctp: fix copying sk_v6_rcv_saddr in sctp_v6_create_accept_sk On 11/19/2013 05:51 AM, Daniel Borkmann wrote: > Wang reported an issue that lksctp's test_getname_v6 seems to fail. > > The issue is that we do not copy sk_v6_rcv_saddr over to the new > socket, although the comment above says so regarding rcv_saddr. > > Commit 914e1c8b6980 ("sctp: Inherit all socket options from parent > correctly.") originally moved that over to sctp_copy_sock(), but > after commit efe4208f47f9 ("ipv6: make lookups simpler and faster") > this no longer holds and the actual value of sk_v6_rcv_saddr was > no longer being migrated. > > With this patch, the lksctp test suite passes again for IPv6. > > Fixes: efe4208f47f9 ("ipv6: make lookups simpler and faster") > Signed-off-by: Daniel Borkmann <dborkman@...hat.com> > Signed-off-by: Wang Weidong <wangweidong1@...wei.com> > Cc: Eric Dumazet <eric.dumazet@...il.com> > --- > net/sctp/ipv6.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c > index 7567e6f..be08592 100644 > --- a/net/sctp/ipv6.c > +++ b/net/sctp/ipv6.c > @@ -661,6 +661,7 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, > * and getpeername(). > */ > sctp_v6_to_sk_daddr(&asoc->peer.primary_addr, newsk); > + newsk->sk_v6_rcv_saddr = sk->sk_v6_rcv_saddr; > > sk_refcnt_debug_inc(newsk); > > This fixes the issue for the accept() case, but the bug is still there in the peeloff case. I think you should make sctp_copy_sock() use sock_copy() for now. It looks like it will catch all the cases. We can then look at possibly getting rid of sctp_copy_sock() for net-next. -vlad -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists