| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Jul 2014 10:03:49 +0300
From: Dan Aloni <dan@...nelim.com>
To: Loic Prylli <loicp@...gle.com>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Timo Teräs <timo.teras@....fi>,
Jiri Pirko <jiri@...nulli.us>
Subject: Re: [PATCH] net: Fix NETDEV_CHANGE notifier usage causing spurious
arp flush
On Tue, Jul 01, 2014 at 09:39:43PM -0700, Loic Prylli wrote:
> A bug was introduced in NETDEV_CHANGE notifier sequence causing the
> arp table to be sometimes spuriously cleared (including manual arp
> entries marked permanent), upon network link carrier changes.
>
> The changed argument for the notifier was applied only to a single
> caller of NETDEV_CHANGE, missing among others netdev_state_change().
> So upon net_carrier events induced by the network, which are
> triggering a call to netdev_state_change(), arp_netdev_event() would
> decide whether to clear or not arp cache based on random/junk stack
> values (a kind of read buffer overflow).
[..]
> {
> if (dev->flags & IFF_UP) {
> - call_netdevice_notifiers(NETDEV_CHANGE, dev);
> + struct netdev_notifier_change_info change_info;
> +
> + change_info.flags_changed = 0;
I think it would be safer to do:
struct netdev_notifier_change_info change_info = {};
So that when future fields are added to the struct and this call-site
happens to be forgotten, they will get 0 by default rather than
random stack values.
--
Dan Aloni
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists