lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 13 Mar 2017 18:39:42 +0100
From:   Florian Westphal <fw@...len.de>
To:     Dan Streetman <dan.streetman@...onical.com>
Cc:     David Miller <davem@...emloft.net>, fw@...len.de,
        eric.dumazet@...il.com, lkml@...ene.org, netdev@...r.kernel.org,
        netfilter-devel@...r.kernel.org
Subject: Re: ip_rcv_finish() NULL pointer kernel panic

Dan Streetman <dan.streetman@...onical.com> wrote:
> > But I have to say that this netfilter bridging fake dst has caused
> > several dozen bugs over the years, it is fundamentally a serious
> > problem in and of itself.  It provides DST facilities by hand, in a
> > static object, without using any of the usual methods for creating and
> > facilitating dst objects.
> >
> > Therefore every time someone makes an adjustment to common dst code,
> > this turd (and yes, it _is_ a turd) breaks.  Every single time.
> >
> > So in the long term, instead of polishing this turd, let's get rid of
> > it.
> 
> I'm getting reports of this bug as well; is anyone working on removing
> the bridge fake dst?

I don't see how we can ever remove it (unless we remove the
call-iptables feature of course).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ