lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 04 Sep 2008 13:53:23 +0800 From: Shan Wei <shanwei@...fujitsu.com> To: Brian Haley <brian.haley@...com> CC: davem@...emloft.net, netdev@...r.kernel.org Subject: Re: [PATCH RESEND] ipv6: return with appropriate error code when sending RH0 using setsockopt() Brian Haley 写道: > Shan Wei wrote: ...snip... > There's actually another bug here and in the sendmsg() path in that you > can set the hdrlen and segments_left fields to be invalid (according to > RFC3775), as long as the math works out (segments * 2 == length). > Segments_left should always be 1 and hdrlen 2 for a Type2 routing > header. The packet should be dropped at the destination, but we > probably shouldn't send it. I can send a patch for that later. > I check the RFC3775. May be the following patch is good to you. Signed-off-by: Shan Wei <shanwei@...fujitsu.com> --- net/ipv6/datagram.c | 8 ++++++-- net/ipv6/ipv6_sockglue.c | 7 +++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index 410046a..cfd499a 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c @@ -675,8 +675,12 @@ int datagram_send_ctl(struct net *net, goto exit_f; } - /* segments left must also match */ - if ((rthdr->hdrlen >> 1) != rthdr->segments_left) { + /* Per RFC3775, for a type 2 routing header, + * the Hdr Ext Len MUST be 2 and the Segments Left + * MUST be 1. + */ + if ((rthdr->hdrlen != 2) && + (rthdr->segments_left != 1)) { err = -EINVAL; goto exit_f; } diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 4e5eac3..b967965 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -377,8 +377,11 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, goto sticky_done; } - if ((rthdr->hdrlen & 1) || - (rthdr->hdrlen >> 1) != rthdr->segments_left) + /* Per RFC3775, for a type 2 routing header, + * the Hdr Ext Len MUST be 2 and the Segments Left + * MUST be 1. + */ + if ((rthdr->hdrlen != 2) && (rthdr->segments_left != 1)) goto sticky_done; } -- 1.6.0 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists