Message-ID: <1302617968.30934.34.camel@polaris.local>
Date:	Tue, 12 Apr 2011 16:19:28 +0200
From:	Jan Lübbe <jluebbe@...ian.org>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Scot Doyle <lkml@...tdoyle.com>,
	Stephen Hemminger <shemminger@...tta.com>,
	Hiroaki SHIMODA <shimoda.hiroaki@...il.com>,
	netdev@...r.kernel.org
Subject: Re: Kernel panic when using bridge

On Tue, 2011-04-12 at 15:15 +0200, Eric Dumazet wrote:
> On Tuesday, 12 April 2011 at 15:02 +0200, Jan Lübbe wrote:
> > Here you check dopt->optlen, which certainly should be 40 at most. The
> > calculation of dopt->optlen wasn't changed by my patch, though.
> 
> Check again the thread Jan.
> 
> Scot is using a tool (IP Stack Checker's tcpsic) to forge random tcp
> packets.

> Maybe your patch is fine but requires a change in a previous function,
> to make sure we deny some crazy packet before generating an ip_options
> with more than 40 bytes, in an icmp_send() reply.

One thing which could expose a problem is that it now will timestamp the
packet in the last 'slot', too. (which it didn't before)

In general, there is not a lot of error-checking in the options stuff.

> I took a look at this ip_options stuff and must say it's really hard to
> even _read_ the code. Understanding it might need several days or a new
> brain?

It took me some days to even figure out how it is supposed to fit
together...

> I cannot Ack or Nack your patch, I must admit it. Isn't it frightening?

David Miller already declared this code as 'officially terrible'...

Your patch should catch those forged packets before more harmful things
can go wrong, but even before my patch, I think forged packets could
cause trouble...

Regards,
Jan
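The two bounds the thread argues about are the 40-byte ceiling on the IPv4 options area (a 15-word IHL minus the 20-byte fixed header) and the timestamp option's pointer, which decides whether a free slot remains to be stamped. The following is an added illustration, written for this archive page and not the Linux ip_options code or any patch from the thread: a bounds-checked walk over an options area that rejects an overlong area, an option length that overruns the area, and a malformed timestamp pointer, and reports how many timestamp slots are still free. The helper make_ts_options() and the constructed 40-byte sample it builds (a timestamp option followed by NOP padding) are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IPOPT_END       0
#define IPOPT_NOP       1
#define IPOPT_TIMESTAMP 68
#define MAX_IPOPTLEN    40   /* 60-byte max header minus 20-byte fixed part */

enum ipopt_status {
    IPOPT_OK          =  0,
    IPOPT_TOO_LONG    = -1,  /* options area longer than 40 bytes */
    IPOPT_BAD_LENGTH  = -2,  /* option length overruns the area or is too small */
    IPOPT_BAD_POINTER = -3,  /* timestamp pointer not on a slot boundary */
    IPOPT_BAD_FLAG    = -4   /* timestamp flag value not defined by RFC 791 */
};

/* Walk an IPv4 options area, checking every length and pointer before
 * trusting it. On success, *ts_slots_free holds the number of unused
 * timestamp slots (or -1 if no timestamp option was present). */
int validate_ip_options(const uint8_t *opts, size_t optlen, int *ts_slots_free)
{
    size_t i = 0;

    if (ts_slots_free)
        *ts_slots_free = -1;
    if (optlen > MAX_IPOPTLEN)
        return IPOPT_TOO_LONG;

    while (i < optlen) {
        uint8_t type = opts[i];

        if (type == IPOPT_END)
            return IPOPT_OK;
        if (type == IPOPT_NOP) {
            i++;
            continue;
        }
        /* Every other option carries a length byte; make sure it exists
         * and that the option it describes stays inside the area. */
        if (i + 1 >= optlen)
            return IPOPT_BAD_LENGTH;
        uint8_t len = opts[i + 1];
        if (len < 2 || i + len > optlen)
            return IPOPT_BAD_LENGTH;

        if (type == IPOPT_TIMESTAMP) {
            /* RFC 791 layout: type, len, pointer (1-based), oflw|flg */
            if (len < 4)
                return IPOPT_BAD_LENGTH;
            uint8_t ptr = opts[i + 2];
            uint8_t flg = opts[i + 3] & 0x0f;
            size_t slot;
            if (flg == 0)
                slot = 4;              /* timestamps only */
            else if (flg == 1 || flg == 3)
                slot = 8;              /* address + timestamp */
            else
                return IPOPT_BAD_FLAG;
            /* Pointer starts at 5 and must sit on a slot boundary; a
             * pointer past the option means every slot is already used. */
            if (ptr < 5 || (size_t)(ptr - 5) % slot != 0)
                return IPOPT_BAD_POINTER;
            if ((size_t)ptr - 1 > len)
                return IPOPT_BAD_POINTER;
            if ((len - (ptr - 1)) % slot != 0)
                return IPOPT_BAD_LENGTH;
            if (ts_slots_free)
                *ts_slots_free = (int)((len - (ptr - 1)) / slot);
        }
        i += len;
    }
    return IPOPT_OK;
}

/* Constructed sample (an assumption for this example): a 36-byte timestamp
 * option with eight 4-byte slots and the given pointer, padded with three
 * NOPs and an END to exactly 40 bytes. Returns the area length. */
size_t make_ts_options(uint8_t *buf, uint8_t ptr)
{
    memset(buf, 0, MAX_IPOPTLEN);
    buf[0] = IPOPT_TIMESTAMP;
    buf[1] = 36;
    buf[2] = ptr;
    buf[3] = 0;                       /* flg = 0: timestamps only */
    buf[36] = buf[37] = buf[38] = IPOPT_NOP;
    buf[39] = IPOPT_END;
    return MAX_IPOPTLEN;
}

int main(void)
{
    uint8_t buf[64];
    int free_slots;
    size_t n = make_ts_options(buf, 33);   /* pointer at the last slot */
    int rc = validate_ip_options(buf, n, &free_slots);
    printf("status=%d free_timestamp_slots=%d\n", rc, free_slots);
    buf[1] = 50;                           /* option claims to run past the area */
    printf("overrun status=%d\n", validate_ip_options(buf, n, NULL));
    return 0;
}
```

The check that matters for the panic discussed above is the length test on every option before its body is read: a forged packet that advertises an option longer than the remaining area is rejected here with IPOPT_BAD_LENGTH instead of being copied into a reply. The slot count also makes the "last slot" case explicit: with the pointer at 33 exactly one 4-byte slot is free, and with the pointer at 37 none is, so a stamping routine has a clear condition for when to stop writing.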

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html