| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 01 Apr 2012 23:29:42 -0400 (EDT) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: xiaosuo@...il.com, kaber@...sh.net, pablo@...filter.org, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] net: check the length of the data before dereferencing it From: Eric Dumazet <eric.dumazet@...il.com> Date: Mon, 02 Apr 2012 05:19:33 +0200 >> @@ -3845,6 +3845,8 @@ void tcp_parse_options(const struct sk_buff *skb, struct tcp_options_received *o >> length--; >> continue; >> default: >> + if (length < 2) >> + return; >> opsize = *ptr++; >> if (opsize < 2) /* "silly options" */ >> return; > > Acked-by: Eric Dumazet <eric.dumazet@...il.com> Tag Eric, you're it. You ACK'd this patch, so you get to show how this is actually able to cause some kind of problem. I assert that this is adding a useless test, that doesn't fix any kind of possible crash or misbehavior. If length == 1 at the default:, the code will absolutely do the right thing. Prove me wrong. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists