Date: Wed, 12 Dec 2012 19:09:51 +0800
From: Duan Jiong <djduanjiong@...il.com>
To: Steffen Klassert <steffen.klassert@...unet.com>
CC: davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH] ipv6: fix the bug when propagating Redirect Message

On 2012/12/11 21:45, Steffen Klassert wrote:
> On Tue, Dec 11, 2012 at 08:58:20PM +0800, Duan Jiong wrote:
>>
>> Just like you said, I try to use ndisc_parse_options() instead
>> of the loop, but I find the skb->data can't be changed in function
>> ndisc_parse_options() due to lack of arguments. So I think it is
>> better to continue to use the loop. What do you think about this?
>>
>
> You can change the data pointer after ndisc_parse_options().
> Something like the (untested) patch below should do it.
>
> include/net/ndisc.h | 7 +++++++ > net/ipv6/ndisc.c | 20 ++++++++++++++++++++ > 2 files changed, 27 insertions(+) > > diff --git a/include/net/ndisc.h b/include/net/ndisc.h > index 980d263..c17bccd 100644 > --- a/include/net/ndisc.h > +++ b/include/net/ndisc.h > @@ -78,6 +78,13 @@ struct ra_msg { > __be32 retrans_timer; > }; > > +struct rd_msg { > + struct icmp6hdr icmph; > + struct in6_addr target; > + struct in6_addr dest; > + __u8 opt[0]; > +}; > + > struct nd_opt_hdr { > __u8 nd_opt_type; > __u8 nd_opt_len; > diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c > index 2edce30..9afd23f 100644 > --- a/net/ipv6/ndisc.c > +++ b/net/ipv6/ndisc.c > @@ -1333,6 +1333,12 @@ out: > > static void ndisc_redirect_rcv(struct sk_buff *skb) > { > + u8 *hdr; > + struct ndisc_options ndopts; > + struct rd_msg *msg = (struct rd_msg *) skb_transport_header(skb); > + u32 ndoptlen = skb->tail - (skb->transport_header + > + offsetof(struct rd_msg, opt)); > + > #ifdef CONFIG_IPV6_NDISC_NODETYPE > switch (skb->ndisc_nodetype) { > case NDISC_NODETYPE_HOST: 
> @@ -1349,6 +1355,20 @@ static void ndisc_redirect_rcv(struct sk_buff *skb) > return; > } > > + if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { > + ND_PRINTK(2, warn, "Redirect: invalid ND options\n"); > + return; > + } > + > + if (!ndopts.nd_opts_rh) > + return; > + > + hdr = (u8 *) ndopts.nd_opts_rh; > + hdr += 8; > + > + if (!pskb_pull(skb, hdr - skb_transport_header(skb))) > + return; > + > icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); > } > >

Thanks for your help. I will test it.
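
Review bot: struct rd_msg in the include/net/ndisc.h hunk has no comment saying that it mirrors the on-wire Redirect message (ICMPv6 header, target address, destination address, then options), yet the offsetof(struct rd_msg, opt) arithmetic in ndisc_redirect_rcv() depends on exactly that layout. A short comment above the struct would make the dependency explicit, and it should say that the trailing "__u8 opt[0];" only marks where the variable-length options start.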
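
Review bot: in the declarations added at the top of ndisc_redirect_rcv() (first net/ipv6/ndisc.c hunk), ndoptlen is a u32 computed as skb->tail minus the transport header offset plus offsetof(struct rd_msg, opt), and nothing visible in the patch checks that the message is at least as long as the fixed part of struct rd_msg. For a shorter message the subtraction wraps to a very large value, which the next hunk passes to ndisc_parse_options() as the options length. Either state in a comment which caller guarantees the minimum length, or compare the message length against sizeof(struct rd_msg) and return before the options are parsed.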
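
Review bot: "hdr += 8;" in the second net/ipv6/ndisc.c hunk is an unexplained magic number. It skips the fixed 8 bytes at the start of the Redirected Header option (type, length and reserved field) so that pskb_pull() leaves the data pointer on the enclosed packet; a named constant or a one-line comment should say so. The "if (!ndopts.nd_opts_rh) return;" path and the failed pskb_pull() path also return silently, while the invalid-options path just above logs through ND_PRINTK; a matching message on those two paths would make dropped Redirects easier to diagnose.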