| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Jan 2016 07:59:49 -0700
From: David Ahern <dsa@...ulusnetworks.com>
To: Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org
Cc: "David S. Miller" <davem@...emloft.net>,
Hajime Tazaki <thehajime@...il.com>, lucien.xin@...il.com,
Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Subject: Re: [PATCH net 1/2] ipv6: enforce flowi6_oif usage in
ip6_dst_lookup_tail()
On 1/27/16 6:45 AM, Paolo Abeni wrote:
> The current implementation of ip6_dst_lookup_tail() basically
> ignore the egress ifindex match: if the saddr is set,
> ip6_route_output() purposefully ignores flowi6_oif, due
> to the commit d46a9d678e4c ("net: ipv6: Dont add RT6_LOOKUP_F_IFACE
> flag if saddr set"), if the saddr is 'any' the first route lookup
> in ip6_dst_lookup_tail fails, but upon failure a second lookup will
> be performed with saddr set, thus ignoring the ifindex constraint.
>
> This commit adds an output route lookup function variant, which
> allows the caller to specify additional lookup flags, and modify
> ip6_dst_lookup_tail() to enforce the ifindex match on the second
> lookup via said helper.
>
> Fixes: d46a9d678e4c ("net: ipv6: Dont add RT6_LOOKUP_F_IFACE flag if saddr set")
> Signed-off-by: Paolo Abeni <pabeni@...hat.com>
I don't agree with that 'Fixes:' tag.
ip6_route_output did not add the RT6_LOOKUP_F_IFACE flag until
741a11d9e410; d46a9d678e4c is a follow on to limit adding the flag only
if no source address is given.
Since ip6_dst_lookup_tail never considered the flowi6_oif this is a
general bug fix rather than a fix of d46a9d678e4c.
Powered by blists - more mailing lists