| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20120401.235724.1615627410446519543.davem@davemloft.net> Date: Sun, 01 Apr 2012 23:57:24 -0400 (EDT) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: xiaosuo@...il.com, kaber@...sh.net, pablo@...filter.org, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] net: check the length of the data before dereferencing it From: Eric Dumazet <eric.dumazet@...il.com> Date: Mon, 02 Apr 2012 05:53:17 +0200 > On Mon, 2012-04-02 at 11:45 +0800, Changli Gao wrote: > >> Thinking about a malformed tcp segment, which has no data but silly >> options, and whose last byte is neither TCPOPT_EOL or TCPOPT_NOP, we >> will try to dereference one byte over the boundary when parsing the >> options. I know we have skb_shared_info at the end and it won't cause >> any crash, but should we rely on this fact? >> > > No we cant rely on this, kmemcheck might barf on us. Give me a break. The code does the right thing, in every possible case, and in every possible valid state of an SKB. If we can't make kmemcheck handle that, tough, I'm not adding useless tests to a function, specifically tests which are always there and that don't fix anything. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists