| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110211064138.GB29940@gondor.apana.org.au>
Date: Fri, 11 Feb 2011 17:41:38 +1100
From: Herbert Xu <herbert@...dor.apana.org.au>
To: David Miller <davem@...emloft.net>
Cc: netdev@...r.kernel.org, netfilter-devel@...r.kernel.org
Subject: Re: GRO/GSO hiding PMTU?
On Thu, Feb 10, 2011 at 10:35:44PM -0800, David Miller wrote:
>
> Herbert how does this look for now?
This should work.
> Of course, we need to do something similar in all kinds of other spots.
>
> Even places like bridging :-/
Yeah every place that does skb->len and skb_is_gso checks will need
this.
> +static bool send_frag_needed(struct sk_buff *skb, struct rtable *rt)
> +{
> + unsigned int len_to_check = skb->len;
> +
> + if (skb_is_gso(skb)) {
> + unsigned int gso_size = skb_shinfo(skb)->gso_size;
> + unsigned int ihl = ip_hdr(skb)->ihl * 4;
> + struct tcphdr th_stack, *th;
> +
> + if (WARN_ON_ONCE(ip_hdr(skb)->protocol != IPPROTO_TCP))
> + return false;
> +
> + th = skb_header_pointer(skb, ihl, sizeof(th_stack),
> + &th_stack);
> + if (!th)
> + return false;
> +
> + len_to_check = gso_size + ihl + (th->doff * 4);
I think we need to do some length verifications here because for
a malicious guest-generated packet the TCP header may not be present.
Thanks,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists