lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 06 Feb 2009 01:08:24 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	jdb@...x.dk
Cc:	netdev@...r.kernel.org
Subject: Re: [RFC] [PATCH] Fix UDP short packet false positive

From: Jesper Dangaard Brouer <jdb@...x.dk>
Date: Fri, 06 Feb 2009 10:00:24 +0100

> On Thu, 2009-02-05 at 15:06 -0800, David Miller wrote:
> > From: Jesper Dangaard Brouer <jdb@...x.dk>
> > Date: Thu, 05 Feb 2009 13:47:07 +0100
> >
> > > The UDP header pointer assignment must happen after calling
> > > pskb_may_pull().  As pskb_may_pull() can potentially alter the SKB
> > > buffer.
> >
> > Excellent work!
> 
> Thanks :-)
> 
> I'm wondering if the ip_hdr() pointer can be changed by the
> pskb_may_pull(), but I assume it cannot as it should already be in the
> linear area... right?
> 
> Well the patch below, shows what I mean...

It has the same potential problem, but in this case you'd
only see corruption if the old skb->data buffer were reallocated
by another user and written into very quickly (or poison'd by
SLAB debugging).

Please respin this patch of your's with proper commit message
and signoffs, thanks!

BTW, ipv6 udp gets all of this right :-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists