Date:	Sat, 21 Jul 2007 09:12:31 +0100
From:	Al Viro <viro@....linux.org.uk>
To:	davem@...emloft.net
Cc:	netdev@...r.kernel.org
Subject: [PATCH] endianness bug in ip6_tunnel

IPV6_TCLASS_MASK is net-endian; what happens here is that we take
a value and shove it into bits 20--27 of net-endian 32bit word.
IOW, it's misannotated (it's really htonl, not ntohl) *and* the
mask should be applied after conversion to net-endian, not before it.
The former is harmless, the latter gives the wrong value on little-endian;
as a matter of fact, on l-e it gives 0 - IPV6_TCLASS_MASK will be
htonl(0x0ff00000), i.e. on little-endian we have (something << 20) & 0xff0...

Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
---
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -962,8 +962,8 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
 	dsfield = ipv4_get_dsfield(iph);
 
 	if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS))
-		fl.fl6_flowlabel |= ntohl(((__u32)iph->tos << IPV6_TCLASS_SHIFT)
-					  & IPV6_TCLASS_MASK);
+		fl.fl6_flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT)
+					  & IPV6_TCLASS_MASK;
 
 	err = ip6_tnl_xmit2(skb, dev, dsfield, &fl, encap_limit, &mtu);
 	if (err != 0) {
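Review bot: in the new assignment the continuation line `& IPV6_TCLASS_MASK;` keeps the indentation it had when the mask sat inside the call, so it still reads as part of the htonl() argument even though the closing parenthesis is now on the line above. Since the fix is exactly that the mask is applied after the conversion, wrap the right-hand side in its own parentheses or realign the `&` with `htonl`, and consider a one-line comment noting that IPV6_TCLASS_MASK is already net-endian so the mask is not moved back inside later.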

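The little-endian failure described in the message, worked through as an added example (not part of the original mail or the kernel source). It models htonl() for both byte orders in portable C; the helper names are hypothetical, and the shift of 20 and the mask htonl(0x0ff00000) are taken from the message text.

```c
#include <stdint.h>
#include <stdio.h>

#define TCLASS_SHIFT     20           /* from the message: bits 20--27 */
#define TCLASS_MASK_HOST 0x0ff00000u  /* from the message: mask is htonl(0x0ff00000) */

/* Byte swap: what htonl()/ntohl() do on a little-endian host. */
static uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Model htonl() for a chosen host byte order (identity on big-endian). */
static uint32_t model_htonl(uint32_t v, int little_endian)
{
    return little_endian ? swap32(v) : v;
}

/* Old expression: host-order value masked with a net-endian mask, then converted. */
static uint32_t tclass_before(uint8_t tos, int le)
{
    uint32_t mask = model_htonl(TCLASS_MASK_HOST, le);
    /* ntohl() and htonl() are the same operation, so one model serves both */
    return model_htonl(((uint32_t)tos << TCLASS_SHIFT) & mask, le);
}

/* Patched expression: convert to net-endian first, then apply the mask. */
static uint32_t tclass_after(uint8_t tos, int le)
{
    uint32_t mask = model_htonl(TCLASS_MASK_HOST, le);
    return model_htonl((uint32_t)tos << TCLASS_SHIFT, le) & mask;
}

/* Traffic class a receiver would read back from the stored net-endian word. */
static unsigned wire_tclass(uint32_t stored, int le)
{
    return (model_htonl(stored, le) >> TCLASS_SHIFT) & 0xffu;
}

int main(void)
{
    for (int le = 0; le <= 1; le++)
        printf("%s-endian: tos=0xb8 before=0x%02x after=0x%02x\n",
               le ? "little" : "big",
               wire_tclass(tclass_before(0xb8, le), le),
               wire_tclass(tclass_after(0xb8, le), le));
    return 0;
}
```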