lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 21 Jul 2007 09:12:31 +0100 From: Al Viro <viro@....linux.org.uk> To: davem@...emloft.net Cc: netdev@...r.kernel.org Subject: [PATCH] endianness bug in ip6_tunnel IPV6_TCLASS_MASK is net-endian; what happens here is that we take a value and shove it into bits 20--27 of net-endian 32bit word. IOW, it's misannotated (it's really htonl, not ntohl) *and* the mask should be applied after conversion to net-endian, not before it. The former is harmless, the latter gives the wrong value on little-endian; As the matter of fact, on l-e it gives 0 - IPV6_TCLASS_MASK will be htonl(0x0ff00000), i.e. on little-endian we have (something << 20) & 0xff0... Signed-off-by: Al Viro <viro@...iv.linux.org.uk> --- diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -962,8 +962,8 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) dsfield = ipv4_get_dsfield(iph); if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)) - fl.fl6_flowlabel |= ntohl(((__u32)iph->tos << IPV6_TCLASS_SHIFT) - & IPV6_TCLASS_MASK); + fl.fl6_flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT) + & IPV6_TCLASS_MASK; err = ip6_tnl_xmit2(skb, dev, dsfield, &fl, encap_limit, &mtu); if (err != 0) { - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists