lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 20 Jun 2018 08:04:38 +0900 (KST)
From:   David Miller <davem@...emloft.net>
To:     dsahern@...nel.org
Cc:     netdev@...r.kernel.org, lberger@...n.net,
        renato@...nsourcerouting.org, dsahern@...il.com
Subject: Re: [PATCH net] net/tcp: Fix socket lookups with SO_BINDTODEVICE

From: dsahern@...nel.org
Date: Mon, 18 Jun 2018 12:30:37 -0700

> From: David Ahern <dsahern@...il.com>
> 
> Similar to 69678bcd4d2d ("udp: fix SO_BINDTODEVICE"), TCP socket lookups
> need to fail if dev_match is not true. Currently, a packet to a given port
> can match a socket bound to device when it should not. In the VRF case,
> this causes the lookup to hit a VRF socket and not a global socket
> resulting in a response trying to go through the VRF when it should it.
                                                                      ^^^

"not", I fixed this up for you.

> Fixes: 3fa6f616a7a4d ("net: ipv4: add second dif to inet socket lookups")
> Fixes: 4297a0ef08572 ("net: ipv6: add second dif to inet6 socket lookups")
> Reported-by: Lou Berger <lberger@...n.net>
> Diagnosed-by: Renato Westphal <renato@...nsourcerouting.org>
> Tested-by: Renato Westphal <renato@...nsourcerouting.org>
> Signed-off-by: David Ahern <dsahern@...il.com>

Applied and queued up for -stable, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ