| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241210164417.GA6554@kernel.org>
Date: Tue, 10 Dec 2024 16:44:17 +0000
From: Simon Horman <horms@...nel.org>
To: Antonio Quartulli <antonio@...nvpn.net>
Cc: netdev@...r.kernel.org, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Donald Hunter <donald.hunter@...il.com>,
Shuah Khan <shuah@...nel.org>, sd@...asysnail.net,
ryazanov.s.a@...il.com, Andrew Lunn <andrew+netdev@...n.ch>,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH net-next v14 08/22] ovpn: implement basic RX path (UDP)
On Mon, Dec 09, 2024 at 09:53:17AM +0100, Antonio Quartulli wrote:
> Packets received over the socket are forwarded to the user device.
>
> Implementation is UDP only. TCP will be added by a later patch.
>
> Note: no decryption/decapsulation exists yet, packets are forwarded as
> they arrive without much processing.
>
> Signed-off-by: Antonio Quartulli <antonio@...nvpn.net>
...
> diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c
> index c0e7aa289ad3345fcd91e7c890f70961300c356f..975392fc39bc4c0107a07a53795afecd88d72c53 100644
> --- a/drivers/net/ovpn/udp.c
> +++ b/drivers/net/ovpn/udp.c
> @@ -23,9 +23,83 @@
> #include "bind.h"
> #include "io.h"
> #include "peer.h"
> +#include "proto.h"
> #include "socket.h"
> #include "udp.h"
>
> +/**
> + * ovpn_udp_encap_recv - Start processing a received UDP packet.
> + * @sk: socket over which the packet was received
> + * @skb: the received packet
> + *
> + * If the first byte of the payload is DATA_V2, the packet is further processed,
> + * otherwise it is forwarded to the UDP stack for delivery to user space.
> + *
> + * Return:
> + * 0 if skb was consumed or dropped
> + * >0 if skb should be passed up to userspace as UDP (packet not consumed)
> + * <0 if skb should be resubmitted as proto -N (packet not consumed)
> + */
> +static int ovpn_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
> +{
> + struct ovpn_priv *ovpn;
> + struct ovpn_peer *peer;
> + u32 peer_id;
> + u8 opcode;
> +
> + ovpn = ovpn_from_udp_sock(sk);
> + if (unlikely(!ovpn)) {
> + net_err_ratelimited("%s: cannot obtain ovpn object from UDP socket\n",
> + netdev_name(ovpn->dev));
Hi Antonio,
If we reach here then ovpn is NULL.
But the like above dereferences it.
Flagged by Smatch.
> + goto drop_noovpn;
> + }
...
--
pw-bot: changes-requested
Powered by blists - more mailing lists