lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 8 Nov 2012 13:18:08 +0000
From:	KY Srinivasan <kys@...rosoft.com>
To:	Tomas Hozza <thozza@...hat.com>,
	"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"devel@...uxdriverproject.org" <devel@...uxdriverproject.org>,
	"olaf@...fle.de" <olaf@...fle.de>,
	"apw@...onical.com" <apw@...onical.com>,
	"jasowang@...hat.com" <jasowang@...hat.com>
Subject: RE: [PATCH] tools: hv: Netlink source address validation allows DoS



> -----Original Message-----
> From: Tomas Hozza [mailto:thozza@...hat.com]
> Sent: Thursday, November 08, 2012 4:53 AM
> To: gregkh@...uxfoundation.org; linux-kernel@...r.kernel.org;
> devel@...uxdriverproject.org; olaf@...fle.de; apw@...onical.com;
> jasowang@...hat.com; KY Srinivasan
> Cc: Tomas Hozza
> Subject: [PATCH] tools: hv: Netlink source address validation allows DoS
> 
> The source code without this patch caused hypervkvpd to exit when it processed
> a spoofed Netlink packet which has been sent from an untrusted local user.
> Now Netlink messages with a non-zero nl_pid source address are ignored
> and a warning is printed into the syslog.
> 
> Signed-off-by: Tomas Hozza <thozza@...hat.com>
Acked-by:  K. Y. Srinivasan <kys@...rosoft.com>

> ---
>  tools/hv/hv_kvp_daemon.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
> index 13c2a14..c1d9102 100755
> --- a/tools/hv/hv_kvp_daemon.c
> +++ b/tools/hv/hv_kvp_daemon.c
> @@ -1486,13 +1486,19 @@ int main(void)
>  		len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
>  				addr_p, &addr_l);
> 
> -		if (len < 0 || addr.nl_pid) {
> +		if (len < 0) {
>  			syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
>  					addr.nl_pid, errno, strerror(errno));
>  			close(fd);
>  			return -1;
>  		}
> 
> +		if (addr.nl_pid) {
> +			syslog(LOG_WARNING, "Received packet from untrusted
> pid:%u",
> +					addr.nl_pid);
> +			continue;
> +		}
> +
>  		incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
>  		incoming_cn_msg = (struct cn_msg
> *)NLMSG_DATA(incoming_msg);
>  		hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;
> --
> 1.7.11.7
> 
> 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ