lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 14 Apr 2015 14:23:00 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	eric.dumazet@...il.com
Cc:	sebastian.poehn@...il.com, Yanjun.Zhu@...driver.com,
	netdev@...r.kernel.org, fw@...len.de
Subject: Re: [PATCH] ip_forward: Drop frames with attached skb->sk

From: Eric Dumazet <eric.dumazet@...il.com>
Date: Tue, 14 Apr 2015 04:54:47 -0700

> On Tue, 2015-04-14 at 08:40 +0200, Sebastian Poehn wrote:
>> On Tue, 2015-04-14 at 14:33 +0800, yzhu1 wrote:
>> > On 04/14/2015 01:52 PM, Sebastian Poehn wrote:
>> > > Initial discussion was:
>> > > [FYI] xfrm: Don't lookup sk_policy for timewait sockets
>> > >
>> > > Forwarded frames should not have a socket attached. Especially
>> > > tw sockets will lead to panics later-on in the stack.
>> > >
>> > > This was observed with TPROXY assigning a tw socket and broken
>> > > policy routing (misconfigured). As a result frame enters
>> > > forwarding path instead of input. We cannot solve this in
>> > > TPROXY as it cannot know that policy routing is broken.
>> > >
>> > > Signed-off-by: Sebastian Poehn <sebastian.poehn@...il.com>
>> > > ---
>> > > diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
>> > > index 939992c..2fc3b3e 100644
>> > > --- a/net/ipv4/ip_forward.c
>> > > +++ b/net/ipv4/ip_forward.c
>> > > @@ -82,6 +82,10 @@ int ip_forward(struct sk_buff *skb)
>> > >   	if (skb->pkt_type != PACKET_HOST)
>> > >   		goto drop;
>> > >   
>> > > +	/* this should happen neither */
>> > Sorry. "neither" should be "either"?
>> 
>>         /* that should never happen */
>>         if (skb->pkt_type != PACKET_HOST)
>>                 goto drop;
>> 
>>         /* this should happen neither */
>>         if (unlikely(skb->sk))
>>                 goto drop;
>> 
>> Both of them should never happen.
> 
> I do not feel the comment is useful in this form.
> 
> I would prefer explicit TPROXY reference, maybe using this :
> 
> #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TPROXY)
> 	if (skb->sk)
> 		goto drop;
> #endif
> 
> changelog will precisely describes the problem for the curious readers.

I suspect we really want this test unconditionally, because we are not able
to safely operate past this point if skb->sk is NULL regardless of what made
it that way.

At least, I'll sleep more soundly at night :)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ