lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Dec 2012 10:31:41 +0100 From: Daniel Borkmann <dborkman@...hat.com> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org, Daniel Borkmann <dborkman@...hat.com>, Ani Sinha <ani@...stanetworks.com>, Eric Dumazet <eric.dumazet@...il.com> Subject: [PATCH] net: filter: return -EINVAL if BPF_S_ANC* operation is not supported Currently, we return -EINVAL for malicious or wrong BPF filters. However, this is not done for BPF_S_ANC* operations, which makes it more difficult to detect if it's actually supported or not by the BPF machine. Therefore, we should also return -EINVAL if K is within the SKF_AD_OFF universe and the ancillary operation did not match. Cc: Ani Sinha <ani@...stanetworks.com> Cc: Eric Dumazet <eric.dumazet@...il.com> Signed-off-by: Daniel Borkmann <dborkman@...hat.com> --- net/core/filter.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index c23543c..de9bed4 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -531,7 +531,7 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen) [BPF_JMP|BPF_JSET|BPF_K] = BPF_S_JMP_JSET_K, [BPF_JMP|BPF_JSET|BPF_X] = BPF_S_JMP_JSET_X, }; - int pc; + int pc, anc_found; if (flen == 0 || flen > BPF_MAXINSNS) return -EINVAL; @@ -592,8 +592,10 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen) case BPF_S_LD_W_ABS: case BPF_S_LD_H_ABS: case BPF_S_LD_B_ABS: + anc_found = 0; #define ANCILLARY(CODE) case SKF_AD_OFF + SKF_AD_##CODE: \ code = BPF_S_ANC_##CODE; \ + anc_found = 1; \ break switch (ftest->k) { ANCILLARY(PROTOCOL); @@ -610,6 +612,10 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen) ANCILLARY(VLAN_TAG); ANCILLARY(VLAN_TAG_PRESENT); } + + /* ancillary operation unkown or unsupported */ + if (anc_found == 0 && ftest->k >= SKF_AD_OFF) + return -EINVAL; } ftest->code = code; } -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists