lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jan 2007 16:22:20 +0300 From: Alexey Kuznetsov <kuznet@....inr.ac.ru> To: David Miller <davem@...emloft.net> Cc: raivis@...lv, netdev@...r.kernel.org, waltje@...lt.NL.Mugnet.ORG, gw4pts@...pts.ampr.org, dim@...nvz.org Subject: Re: [BUG] problem with BPF in PF_PACKET sockets, introduced in linux-2.6.19 Hello! > So this whole idea to make run_filter() return signed integers > and fail on negative is entirely flawed, it simply cannot work > and retain the expected semantics which have been there forever. Actually, it can. Return value was used only as sign of error, so that the mistake was to return original unsigned result casted to int. Alternative fix is enclosed. To be honest, it is not better than yours: duplication of couple lines of code against passing return value by pointer. Alexey diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index da73e8a..51e5537 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -437,11 +437,13 @@ static inline int run_filter(struct sk_b rcu_read_lock_bh(); filter = rcu_dereference(sk->sk_filter); if (filter != NULL) { - err = sk_run_filter(skb, filter->insns, filter->len); - if (!err) + unsigned int res; + + res = sk_run_filter(skb, filter->insns, filter->len); + if (!res) err = -EPERM; - else if (*snaplen > err) - *snaplen = err; + else if (*snaplen > res) + *snaplen = res; } rcu_read_unlock_bh(); - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists