Message-ID: <47ED94D0.7060902@redhat.com>
Date:	Fri, 28 Mar 2008 21:01:04 -0400
From:	Hideo AOKI <haoki@...hat.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>, haoki@...hat.com
CC:	netdev <netdev@...r.kernel.org>, David Miller <davem@...emloft.net>
Subject: Re: [RFC] [NET] [0/2] pskb_expand_head() bugfix

Hello,

Herbert Xu wrote:
> On Wed, Mar 26, 2008 at 04:47:35PM -0400, Hideo AOKI wrote:
>> Or, should I simply add truesize calculation after
>> pskb_expand_head() calls which change truesize?
> 
> Can you do an audit first and tell us how many sites are currently
> buggy?

Sure. I found 24 spots.

Here is the list of caller functions which don't update truesize
or do update truesize without alignment. But I haven't confirmed yet
whether alignment is really needed in each case.

* macro: 1
  - Missing truesize update:
        linux/skbuff.h:1369:	__skb_cow()

* kernel: 1
  - Missing alignment:
        audit.c:1121:		audit_expand()


* ipv4: 5
  - Missing truesize update:
        ipvs/ip_vs_app.c:597:           ip_vs_skb_replace()
        netfilter/nf_nat_helper.c:119:  enlarge_skb()
        netfilter.c:72:                 ip_route_me_harder()
        netfilter.c:105:                ip_xfrm_me_harder()

  - Missing alignment:
        ipcomp.c:63:		ipcomp_decompress()


* core: 5
  - Missing truesize update:
        skbuff.c:741:           skb_realloc_headroom()
        skbuff.c:840:           skb_pad()
        skbuff.c:979:           __pskb_pull_tail()
        skbuff.c:2393:          skb_cow_data()
        pktgen.c:2402:          process_ipsec()


* netlink: 1
  - Missing alignment:
        af_netlink.c:838:	netlink_trim()


* ipv6: 1
  - Missing alignment:
        ipcomp6.c:106:          ipcomp6_input()


* netfilter: 1
  - Missing alignment:
        xt_TCPMSS.c:122:	tcpmss_mangle_packet()


* mac80211: 8
  - Missing truesize update:
        tx.c:1246:              ieee80211_master_start_xmit()
        tx.c:1503:              ieee80211_subif_start_xmit()
        wpa.c:103:              ieee80211_tx_h_michael_mic_add()
        wpa.c:207:              tkip_encrypt_skb()
        wpa.c:458:              ccmp_encrypt_skb()
        wep.c:99:               ieee80211_wep_add_iv()
        rx.c:146:               ieee80211_rx_monitor()
        rx.c:905:               ieee80211_rx_h_defragment()


* xfrm: 1
  - Missing truesize update:
        xfrm_output.c:30:       xfrm_state_check_space()

Many thanks,
Hideo

--
Hitachi Computer Products (America) Inc.
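
An added example, not part of the original message and not the method used for the audit above: a heuristic scanner that sorts pskb_expand_head() call sites into the two categories the list uses. It assumes kernel-style formatting (definitions and closing braces in column 0) and that SKB_DATA_ALIGN is the alignment macro to look for; the C fragments are constructed for illustration.

```python
import re

# Heuristic (kernel coding style): a definition starts in column 0 and its
# body ends at a closing brace in column 0. Prototypes (ending in ';') are skipped.
FUNC_START = re.compile(r"^[A-Za-z_][^;]*?\b(\w+)\s*\([^;]*$")
CALL = re.compile(r"\bpskb_expand_head\s*\(")

def audit(source):
    """Return (function, call line, verdict) for every pskb_expand_head() call."""
    findings, name, body, calls = [], None, [], []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = FUNC_START.match(line)
        if name is None and m:
            name, body, calls = m.group(1), [], []
        if name is None:
            continue
        body.append(line)
        if CALL.search(line):
            calls.append(lineno)
        if line.startswith("}"):          # end of the enclosing function
            text = "\n".join(body)
            if "truesize" not in text:
                verdict = "missing truesize update"
            elif "SKB_DATA_ALIGN" not in text:   # assumed alignment macro
                verdict = "missing alignment"
            else:
                verdict = "ok"
            findings += [(name, n, verdict) for n in calls]
            name = None
    return findings

# Constructed C fragments for illustration only; not taken from the kernel tree.
SAMPLE = """\
static int grow_a(struct sk_buff *skb, int n)
{
    return pskb_expand_head(skb, 0, n, GFP_ATOMIC);
}
static void grow_b(struct sk_buff *skb, int n)
{
    if (!pskb_expand_head(skb, 0, n, GFP_ATOMIC))
        skb->truesize += n;
}
static void grow_c(struct sk_buff *skb, int n)
{
    if (!pskb_expand_head(skb, 0, n, GFP_ATOMIC))
        skb->truesize += SKB_DATA_ALIGN(n);
}
"""
```

A hit from a scanner like this is only a candidate: each flagged caller still needs manual review, since the accounting may be done in a helper or may not be needed at that site.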