lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <50C865FF.7030209@gmail.com>
Date:	Wed, 12 Dec 2012 19:09:51 +0800
From:	Duan Jiong <djduanjiong@...il.com>
To:	Steffen Klassert <steffen.klassert@...unet.com>
CC:	davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH] ipv6: fix the bug when propagating Redirect Message

于 2012/12/11 21:45, Steffen Klassert 写道:
> On Tue, Dec 11, 2012 at 08:58:20PM +0800, Duan Jiong wrote:
>>
>> Just like you said, i try to use ndisc_parse_options() to instead
>> of the loop, but i find the skb->data can't be changed in function
>> ndisc_parse_options() due to lack of  arguments. So i think it is
>> better to continue to use the loop. How do you think this?
>>
> 
> You can change the data pointer after ndisc_parse_options().
> Something like the (untested) patch below should do it.
> 
>  include/net/ndisc.h |    7 +++++++
>  net/ipv6/ndisc.c    |   20 ++++++++++++++++++++
>  2 files changed, 27 insertions(+)
> 
> diff --git a/include/net/ndisc.h b/include/net/ndisc.h
> index 980d263..c17bccd 100644
> --- a/include/net/ndisc.h
> +++ b/include/net/ndisc.h
> @@ -78,6 +78,13 @@ struct ra_msg {
>  	__be32			retrans_timer;
>  };
>  
> +struct rd_msg {
> +        struct icmp6hdr	icmph;
> +        struct in6_addr	target;
> +        struct in6_addr	dest;
> +	__u8		opt[0];
> +};
> +
>  struct nd_opt_hdr {
>  	__u8		nd_opt_type;
>  	__u8		nd_opt_len;
> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
> index 2edce30..9afd23f 100644
> --- a/net/ipv6/ndisc.c
> +++ b/net/ipv6/ndisc.c
> @@ -1333,6 +1333,12 @@ out:
>  
>  static void ndisc_redirect_rcv(struct sk_buff *skb)
>  {
> +	u8 *hdr;
> +	struct ndisc_options ndopts;
> +	struct rd_msg *msg = (struct rd_msg *) skb_transport_header(skb);
> +	u32 ndoptlen = skb->tail - (skb->transport_header +
> +				    offsetof(struct rd_msg, opt));
> +
>  #ifdef CONFIG_IPV6_NDISC_NODETYPE
>  	switch (skb->ndisc_nodetype) {
>  	case NDISC_NODETYPE_HOST:
> @@ -1349,6 +1355,20 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
>  		return;
>  	}
>  
> +	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
> +		ND_PRINTK(2, warn, "Redirect: invalid ND options\n");
> +		return;
> +	}
> +
> +	if (!ndopts.nd_opts_rh)
> +		return;
> +
> +	hdr = (u8 *) ndopts.nd_opts_rh;
> +	hdr += 8;
> +
> +	if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
> +		return;
> +
>  	icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
>  }
>  
> 
Thanks for you help. I will test it.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ