lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Jul 2018 18:21:15 +0800 From: Xin Long <lucien.xin@...il.com> To: network dev <netdev@...r.kernel.org>, linux-sctp@...r.kernel.org Cc: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>, Neil Horman <nhorman@...driver.com>, davem@...emloft.net, hideaki.yoshifuji@...aclelinux.com Subject: [PATCHv2 net-next 5/5] sctp: check for ipv6_pinfo legal sndflow with flowlabel in sctp_v6_get_dst The transport with illegal flowlabel should not be allowed to send packets. Other transport protocols already denies this. Signed-off-by: Xin Long <lucien.xin@...il.com> --- net/sctp/ipv6.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 772513d..d83ddc4 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -262,6 +262,15 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, if (t->flowlabel & SCTP_FLOWLABEL_SET_MASK) fl6->flowlabel = htonl(t->flowlabel & SCTP_FLOWLABEL_VAL_MASK); + if (np->sndflow && (fl6->flowlabel & IPV6_FLOWLABEL_MASK)) { + struct ip6_flowlabel *flowlabel; + + flowlabel = fl6_sock_lookup(sk, fl6->flowlabel); + if (!flowlabel) + goto out; + fl6_sock_release(flowlabel); + } + pr_debug("%s: dst=%pI6 ", __func__, &fl6->daddr); if (asoc) -- 2.1.0
Powered by blists - more mailing lists