| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Dec 2018 21:38:27 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: sbrivio@...hat.com
Cc: syzbot+43f6755d1c2e62743468@...kaller.appspotmail.com,
dvyukov@...gle.com, paulmck@...ux.ibm.com, eric.dumazet@...il.com,
arjan@...ux.intel.com, akpm@...ux-foundation.org,
josh@...htriplett.org, mingo@...nel.org,
syzkaller-bugs@...glegroups.com, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH net-next] fou: Prevent unbounded recursion in GUE error
handler
From: Stefano Brivio <sbrivio@...hat.com>
Date: Tue, 18 Dec 2018 00:13:17 +0100
> Handling exceptions for direct UDP encapsulation in GUE (that is,
> UDP-in-UDP) leads to unbounded recursion in the GUE exception handler,
> syzbot reported.
>
> While draft-ietf-intarea-gue-06 doesn't explicitly forbid direct
> encapsulation of UDP in GUE, it probably doesn't make sense to set up GUE
> this way, and it's currently not even possible to configure this.
>
> Skip exception handling if the GUE proto/ctype field is set to the UDP
> protocol number. Should we need to handle exceptions for UDP-in-GUE one
> day, we might need to either explicitly set a bound for recursion, or
> implement a special iterative handling for these cases.
>
> Reported-and-tested-by: syzbot+43f6755d1c2e62743468@...kaller.appspotmail.com
> Fixes: b8a51b38e4d4 ("fou, fou6: ICMP error handlers for FoU and GUE")
> Signed-off-by: Stefano Brivio <sbrivio@...hat.com>
Applied, thanks.
Powered by blists - more mailing lists