lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 4 Mar 2014 21:00:10 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Linus Lüssing <linus.luessing@....de>
Cc:	netdev@...r.kernel.org, bridge@...ts.linux-foundation.org,
	Stephen Hemminger <stephen@...workplumber.org>,
	"David S. Miller" <davem@...emloft.net>,
	linux-kernel@...r.kernel.org, Jan Stancek <jstancek@...hat.com>,
	Florian Westphal <fwestpha@...hat.com>
Subject: Re: [PATCH] bridge: multicast: add sanity check for query source addresses

On Tue, Mar 04, 2014 at 11:43:55AM +0100, Linus Lüssing wrote:
> On Tue, Mar 04, 2014 at 10:06:14AM +0100, Hannes Frederic Sowa wrote:
> > > diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
> > > index ef66365..fb0e36f 100644
> > > --- a/net/bridge/br_multicast.c
> > > +++ b/net/bridge/br_multicast.c
> > > @@ -1235,6 +1235,12 @@ static int br_ip6_multicast_query(struct net_bridge *br,
> > >  	    (port && port->state == BR_STATE_DISABLED))
> > >  		goto out;
> > >  
> > > +	/* RFC2710+RFC3810 (MLDv1+MLDv2) require link-local source addresses */
> > > +	if (!(ipv6_addr_type(&ip6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
> > > +		err = -EINVAL;
> > > +		goto out;
> > > +	}
> > > +
> > 
> > Shouldn't we allow empty source address, here?
> > 
> > Routers are supposed to drop them but bridges care. Linux uses ::
> > as source address as long as no valid LL addresses are available,
> > e.g. at boot-up (RFC3810 5.2.13.).
> 
> RFC3810, 5.2.13. refers to MLD reports, not queries, so that
> shouldn't be relevant, section 5.1.14 should apply. Also the
> bridge code only issues queries with a valid link-local source
> address (see br_ip6_multicast_alloc_query() in
> net/bridge/br_multicast.c). Where does Linux use :: for queries?

Sorry, I confused queries with reports.
Your patch looks good, same check as in igmp6_event_query.

Reviewed-by: Hannes Frederic Sowa <hannes@...essinduktion.org>

Bye,

  Hannes

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists