lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 18 Jan 2018 16:22:57 -0500
From:   Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:     Jason Wang <jasowang@...hat.com>
Cc:     Network Development <netdev@...r.kernel.org>,
        David Miller <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Willem de Bruijn <willemb@...gle.com>,
        Vlad Yasevic <vyasevic@...hat.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Tom Herbert <tom@...bertland.com>
Subject: Re: [PATCH net] gso: validate gso_type if SKB_GSO_DODGY

> Aside from inet_gso_segment and ipv6_gso_segment, this only leaves the
> new nsh_gso_segment. Unlke mpls, it has its own gso_type, so
>
>         if (!skb_shinfo(skb)->gso_type & SKB_GSO_NSH)
>                 goto out;

This last point was incorrect. There is no such type for this protocol, so
we have to do the same as for MPLS. Either assume that it is robust
or be conservative and add

        if (skb_shinfo(skb)->gso_type & SKB_GSO_DODGY)
                goto out;

It looks correct on the surface and may already be relied upon, so I
suggest the first approach.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ