Date: Wed, 28 Feb 2007 15:45:07 -0500 (EST) From: James Morris <jmorris@...ei.org> To: Paul Moore <paul.moore@...com> cc: netdev@...r.kernel.org Subject: Re: [PATCH] NetLabel: Verify sensitivity level has a valid CIPSO mapping On Wed, 28 Feb 2007, Paul Moore wrote: > The current CIPSO engine has a problem where it does not verify that the given > sensitivity level has a valid CIPSO mapping when the "std" CIPSO DOI type is > used. The end result is that bad packets are sent on the wire which should > have never been sent in the first place. This patch corrects this problem by > verifying the sensitivity level mapping similar to what is done with the > category mapping. This patch also changes the returned error code in this case > to -EPERM to better match what the category mapping verification code returns. > > Signed-off-by: Paul Moore <paul.moore@...com> [removed redhat-lspp, which is subscriber only] Acked-by: James Morris <jmorris@...ei.org> > --- > net/ipv4/cipso_ipv4.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > Index: net-2.6_bugfix/net/ipv4/cipso_ipv4.c > =================================================================== > --- net-2.6_bugfix.orig/net/ipv4/cipso_ipv4.c > +++ net-2.6_bugfix/net/ipv4/cipso_ipv4.c > @@ -732,11 +732,12 @@ static int cipso_v4_map_lvl_hton(const s > *net_lvl = host_lvl; > return 0; > case CIPSO_V4_MAP_STD: > - if (host_lvl < doi_def->map.std->lvl.local_size) { > + if (host_lvl < doi_def->map.std->lvl.local_size && > + doi_def->map.std->lvl.local[host_lvl] < CIPSO_V4_INV_LVL) { > *net_lvl = doi_def->map.std->lvl.local[host_lvl]; > return 0; > } > - break; > + return -EPERM; > } > > return -EINVAL; 
> @@ -771,7 +772,7 @@ static int cipso_v4_map_lvl_ntoh(const s > *host_lvl = doi_def->map.std->lvl.cipso[net_lvl]; > return 0; > } > - break; > + return -EPERM; > } > > return -EINVAL; > > -- > paul moore > linux security @ hp
-- James Morris <jmorris@...ei.org>
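Review bot: in the first hunk (cipso_v4_map_lvl_hton), the new `return -EPERM;` at the end of the CIPSO_V4_MAP_STD case now reports two different failures with one code: a host_lvl that is outside lvl.local_size and a host_lvl whose entry in lvl.local[] has no mapping (not below CIPSO_V4_INV_LVL). The bounds failure previously fell through to -EINVAL, so any caller that tests specifically for -EINVAL changes behaviour here. Please document the -EPERM return in the function's comment, and consider a short comment on the second condition stating that CIPSO_V4_INV_LVL marks an unmapped slot, since the `<` comparison depends on that sentinel being larger than every valid level. The ordering of the two conditions is right: the bounds check has to stay first so that lvl.local[host_lvl] is never read out of range.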
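Review bot: in the second hunk (cipso_v4_map_lvl_ntoh), only the fall-through `break;` becomes `return -EPERM;`, and the condition guarding `*host_lvl = doi_def->map.std->lvl.cipso[net_lvl];` is outside the visible context, so it cannot be confirmed from this hunk that the receive direction rejects an unmapped entry the same way the hton path now does with `< CIPSO_V4_INV_LVL`. Please confirm that the ntoh check is symmetric. The changelog describes the problem only in terms of packets sent on the wire, so it would also help to say there that the error code on the network-to-host path changes from -EINVAL to -EPERM.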