lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Jan 2011 11:43:52 +0200 From: "Winkler, Tomas" <tomas.winkler@...el.com> To: Johannes Berg <johannes@...solutions.net> CC: "davem@...emloft.net" <davem@...emloft.net>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, Stephen Hemminger <shemminger@...tta.com> Subject: RE: [PATCH 1/1 V3] bridge: fix br_multicast_ipv6_rcv for paged skbs > -----Original Message----- > From: Johannes Berg [mailto:johannes@...solutions.net] > Sent: Monday, January 03, 2011 11:34 AM > To: Winkler, Tomas > Cc: davem@...emloft.net; netdev@...r.kernel.org; Stephen Hemminger > Subject: Re: [PATCH 1/1 V3] bridge: fix br_multicast_ipv6_rcv for paged skbs > > On Sun, 2011-01-02 at 22:18 +0200, Tomas Winkler wrote: > > > icmp6h = icmp6_hdr(skb2); > > > > switch (icmp6h->icmp6_type) { > > @@ -1516,7 +1517,12 @@ static int br_multicast_ipv6_rcv(struct net_bridge > *br, > > switch (icmp6h->icmp6_type) { > > case ICMPV6_MGM_REPORT: > > { > > - struct mld_msg *mld = (struct mld_msg *)icmp6h; > > + struct mld_msg *mld; > > + if (!pskb_may_pull(skb2, sizeof(*mld))) { > > + err = -EINVAL; > > + goto out; > > + } > > + mld = (struct mld_msg *)icmp6h; > > This (and the second instance) is incorrect afaict -- the pointer > "icmp6h" should be reloaded after the pskb_may_pull(), no? mld_msg is bigger than icmp6h by sizeof(in6_addr) so we have to try pull again a bigger chunk. > > Also, the "out_nopush" thing is pointless since the push is completely > unnecessary as "skb2 != skb" is always true. You are right if skb_clone doesn't return the same pointer then yes. Shame, but I'm not a sbk expert. I'm diving into it now. Thanks Tomas --------------------------------------------------------------------- Intel Israel (74) Limited This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
Powered by blists - more mailing lists