lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1278742953.2538.24.camel@edumazet-laptop>
Date:	Sat, 10 Jul 2010 08:22:33 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Changli Gao <xiaosuo@...il.com>
Cc:	"David S. Miller" <davem@...emloft.net>,
	Jamal Hadi Salim <hadi@...erus.ca>,
	Rodrigo Partearroyo González 
	<rpartearroyo@...entia.com>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Iratxo Pichel Ortiz <ipichel@...entia.com>,
	Noelia Morón <nmoron@...entia.com>,
	netdev@...r.kernel.org
Subject: Re: [PATCH] act_nat: not all of the ICMP packets need an IP header
 payload

Le samedi 10 juillet 2010 à 09:33 +0800, Changli Gao a écrit :
> act_nat: not all of the ICMP packets need an IP header payload
> 
> not all of the ICMP packets need an IP header payload, so we check the length
> of the skbs only when the packets should have an IP header payload.
> 
> Signed-off-by: Changli Gao <xiaosuo@...il.com>
> ----
>  net/sched/act_nat.c |    5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
> index 0be49a4..24e614c 100644
> --- a/net/sched/act_nat.c
> +++ b/net/sched/act_nat.c
> @@ -205,7 +205,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
>  	{
>  		struct icmphdr *icmph;
>  
> -		if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
> +		if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
>  			goto drop;
>  
>  		icmph = (void *)(skb_network_header(skb) + ihl);
> @@ -215,6 +215,9 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
>  		    (icmph->type != ICMP_PARAMETERPROB))
>  			break;
>  
> +		if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
> +			goto drop;
> +
>  		iph = (void *)(icmph + 1);
>  		if (egress)
>  			addr = iph->daddr;

Changli, this patch has no attribution.

Rodrigo spent lot of time to find the problem and is willing to fix it.

Could you please give a chance to Rodrigo to complete its first kernel
patch ?

Thanks


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ