lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210802182057.2199810-1-richardsonnick@google.com>
Date:   Mon,  2 Aug 2021 18:20:53 +0000
From:   Nicholas Richardson <richardsonnick@...gle.com>
To:     davem@...emloft.net, kuba@...nel.org
Cc:     nrrichar@...u.edu, arunkaly@...gle.com,
        Nick Richardson <richardsonnick@...gle.com>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Di Zhu <zhudi21@...wei.com>, Ye Bin <yebin10@...wei.com>,
        Yejune Deng <yejune.deng@...il.com>,
        Leesoo Ahn <dev@...eel.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH v3] pktgen: Fix invalid clone_skb override

From: Nick Richardson <richardsonnick@...gle.com>

When the netif_receive xmit_mode is set, a line is supposed to set
clone_skb to a default 0 value. This line is made redundant due to a
preceding line that checks if clone_skb is more than zero and returns
-ENOTSUPP.

Only the positive case for clone_skb needs to be checked. It
is impossible for a user to set clone_skb to a negative number.
When a user passes a negative value for clone_skb, the num_arg()
function stops parsing at the first nonnumeric value.

For example: "clone_skb -200" would stop parsing at the
first char ('-') and return zero for the new clone_skb value.

The value read by num_arg() cannot be overflow-ed into the negative
range, since it is an unsigned long.

Remove redundant line that sets clone_skb to zero. If clone_skb is
equal to zero then set xmit_mode to netif_receive as usual and return
no error.

Signed-off-by: Nick Richardson <richardsonnick@...gle.com>
---
 net/core/pktgen.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index 7e258d255e90..314f97acf39d 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -1190,11 +1190,6 @@ static ssize_t pktgen_if_write(struct file *file,
 			 * pktgen_xmit() is called
 			 */
 			pkt_dev->last_ok = 1;
-
-			/* override clone_skb if user passed default value
-			 * at module loading time
-			 */
-			pkt_dev->clone_skb = 0;
 		} else if (strcmp(f, "queue_xmit") == 0) {
 			pkt_dev->xmit_mode = M_QUEUE_XMIT;
 			pkt_dev->last_ok = 1;
-- 
2.32.0.554.ge1b32706d8-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ