lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 25 Apr 2014 00:13:57 +0900
From:	Lorenzo Colitti <lorenzo@...gle.com>
To:	Lorenzo Colitti <lorenzo@...gle.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>,
	David Miller <davem@...emloft.net>,
	Eric Dumazet <eric.dumazet@...il.com>
Subject: Re: [PATCH net-next v4 1/3] net: ipv6: Unduplicate
 {raw,udp}v6_sendmsg code

On Fri, Apr 25, 2014 at 12:02 AM, Hannes Frederic Sowa
<hannes@...essinduktion.org> wrote:
> > I am afraid we could jump to do_append_data without having dontfrag
> > initialized. The jump happens before we call to ip6_datagram_send_common.
> >
> > So the initialization of dontfrag to -1 needs to be added to the caller.
>
> Also see e36d3ff91130002 (udp6: respect IPV6_DONTFRAG sockopt in case there
> are pending frames) which was a bug we had some time ago.

Hmm. So I'm the second person to trip over that goto. It doesn't help
that the compiler didn't notice that it could have been used
uninitialized.

I wonder, is it better to just initialize dontfrag to np->dontfrag
instead of -1 in the caller? ip6_datagram_send_ctl seems to just
overwrite dontfrag with whatever comes from userspace, so nobody ever
checks that it's < 0.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ