| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20090206.010824.99072382.davem@davemloft.net> Date: Fri, 06 Feb 2009 01:08:24 -0800 (PST) From: David Miller <davem@...emloft.net> To: jdb@...x.dk Cc: netdev@...r.kernel.org Subject: Re: [RFC] [PATCH] Fix UDP short packet false positive From: Jesper Dangaard Brouer <jdb@...x.dk> Date: Fri, 06 Feb 2009 10:00:24 +0100 > On Thu, 2009-02-05 at 15:06 -0800, David Miller wrote: > > From: Jesper Dangaard Brouer <jdb@...x.dk> > > Date: Thu, 05 Feb 2009 13:47:07 +0100 > > > > > The UDP header pointer assignment must happen after calling > > > pskb_may_pull(). As pskb_may_pull() can potentially alter the SKB > > > buffer. > > > > Excellent work! > > Thanks :-) > > I'm wondering if the ip_hdr() pointer can be changed by the > pskb_may_pull(), but I assume it cannot as it should already be in the > linear area... right? > > Well the patch below, shows what I mean... It has the same potential problem, but in this case you'd only see corruption if the old skb->data buffer were reallocated by another user and written into very quickly (or poison'd by SLAB debugging). Please respin this patch of your's with proper commit message and signoffs, thanks! BTW, ipv6 udp gets all of this right :-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists