| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Dec 2012 19:09:51 +0800
From: Duan Jiong <djduanjiong@...il.com>
To: Steffen Klassert <steffen.klassert@...unet.com>
CC: davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH] ipv6: fix the bug when propagating Redirect Message
δΊ 2012/12/11 21:45, Steffen Klassert ει:
> On Tue, Dec 11, 2012 at 08:58:20PM +0800, Duan Jiong wrote:
>>
>> Just like you said, i try to use ndisc_parse_options() to instead
>> of the loop, but i find the skb->data can't be changed in function
>> ndisc_parse_options() due to lack of arguments. So i think it is
>> better to continue to use the loop. How do you think this?
>>
>
> You can change the data pointer after ndisc_parse_options().
> Something like the (untested) patch below should do it.
>
> include/net/ndisc.h | 7 +++++++
> net/ipv6/ndisc.c | 20 ++++++++++++++++++++
> 2 files changed, 27 insertions(+)
>
> diff --git a/include/net/ndisc.h b/include/net/ndisc.h
> index 980d263..c17bccd 100644
> --- a/include/net/ndisc.h
> +++ b/include/net/ndisc.h
> @@ -78,6 +78,13 @@ struct ra_msg {
> __be32 retrans_timer;
> };
>
> +struct rd_msg {
> + struct icmp6hdr icmph;
> + struct in6_addr target;
> + struct in6_addr dest;
> + __u8 opt[0];
> +};
> +
> struct nd_opt_hdr {
> __u8 nd_opt_type;
> __u8 nd_opt_len;
> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
> index 2edce30..9afd23f 100644
> --- a/net/ipv6/ndisc.c
> +++ b/net/ipv6/ndisc.c
> @@ -1333,6 +1333,12 @@ out:
>
> static void ndisc_redirect_rcv(struct sk_buff *skb)
> {
> + u8 *hdr;
> + struct ndisc_options ndopts;
> + struct rd_msg *msg = (struct rd_msg *) skb_transport_header(skb);
> + u32 ndoptlen = skb->tail - (skb->transport_header +
> + offsetof(struct rd_msg, opt));
> +
> #ifdef CONFIG_IPV6_NDISC_NODETYPE
> switch (skb->ndisc_nodetype) {
> case NDISC_NODETYPE_HOST:
> @@ -1349,6 +1355,20 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
> return;
> }
>
> + if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
> + ND_PRINTK(2, warn, "Redirect: invalid ND options\n");
> + return;
> + }
> +
> + if (!ndopts.nd_opts_rh)
> + return;
> +
> + hdr = (u8 *) ndopts.nd_opts_rh;
> + hdr += 8;
> +
> + if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
> + return;
> +
> icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
> }
>
>
Thanks for you help. I will test it.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists