lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Mar 2014 21:00:10 +0100 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: Linus Lüssing <linus.luessing@....de> Cc: netdev@...r.kernel.org, bridge@...ts.linux-foundation.org, Stephen Hemminger <stephen@...workplumber.org>, "David S. Miller" <davem@...emloft.net>, linux-kernel@...r.kernel.org, Jan Stancek <jstancek@...hat.com>, Florian Westphal <fwestpha@...hat.com> Subject: Re: [PATCH] bridge: multicast: add sanity check for query source addresses On Tue, Mar 04, 2014 at 11:43:55AM +0100, Linus Lüssing wrote: > On Tue, Mar 04, 2014 at 10:06:14AM +0100, Hannes Frederic Sowa wrote: > > > diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c > > > index ef66365..fb0e36f 100644 > > > --- a/net/bridge/br_multicast.c > > > +++ b/net/bridge/br_multicast.c > > > @@ -1235,6 +1235,12 @@ static int br_ip6_multicast_query(struct net_bridge *br, > > > (port && port->state == BR_STATE_DISABLED)) > > > goto out; > > > > > > + /* RFC2710+RFC3810 (MLDv1+MLDv2) require link-local source addresses */ > > > + if (!(ipv6_addr_type(&ip6h->saddr) & IPV6_ADDR_LINKLOCAL)) { > > > + err = -EINVAL; > > > + goto out; > > > + } > > > + > > > > Shouldn't we allow empty source address, here? > > > > Routers are supposed to drop them but bridges care. Linux uses :: > > as source address as long as no valid LL addresses are available, > > e.g. at boot-up (RFC3810 5.2.13.). > > RFC3810, 5.2.13. refers to MLD reports, not queries, so that > shouldn't be relevant, section 5.1.14 should apply. Also the > bridge code only issues queries with a valid link-local source > address (see br_ip6_multicast_alloc_query() in > net/bridge/br_multicast.c). Where does Linux use :: for queries? Sorry, I confused queries with reports. Your patch looks good, same check as in igmp6_event_query. Reviewed-by: Hannes Frederic Sowa <hannes@...essinduktion.org> Bye, Hannes -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists