lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120704013258.GA26225@kvack.org>
Date:	Tue, 3 Jul 2012 21:32:58 -0400
From:	Benjamin LaHaise <bcrl@...ck.org>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org, linux-ppp@...r.kernel.org
Subject: [PATCH next-next] ppp: change default for incoming protocol filter to NPMODE_DROP

By default, the ppp_generic code initializes the npmode array that filters
incoming packet to accept packets for all protocols.  This behaviour is
incorrect, as it results in packets for protocols that an older version
of a PPP implementation may not be aware of to be incorrectly accepted.
This behaviour is visible, for example, when sending IPv6 packets across a
ppp link where pppd has only been configured to use IPv4.

This change should be safe since pppd will correctly set the protocols it
negotiates to NPMODE_PASS as the appropriate protocols transition to an Up
state.

Signed-off-by: Benjamin LaHaise <bcrl@...ck.org>
---
 drivers/net/ppp/ppp_generic.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 5c05572..404ac50 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -2619,7 +2619,7 @@ ppp_create_interface(struct net *net, int unit, int *retp)
 	init_ppp_file(&ppp->file, INTERFACE);
 	ppp->file.hdrlen = PPP_HDRLEN - 2;	/* don't count proto bytes */
 	for (i = 0; i < NUM_NP; ++i)
-		ppp->npmode[i] = NPMODE_PASS;
+		ppp->npmode[i] = NPMODE_DROP;
 	INIT_LIST_HEAD(&ppp->channels);
 	spin_lock_init(&ppp->rlock);
 	spin_lock_init(&ppp->wlock);
-- 
1.7.4.1


-- 
"Thought is the essence of where you are now."
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ