| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50DB2867.20000@linux-ipv6.org> Date: Thu, 27 Dec 2012 01:40:07 +0900 From: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> To: Eric Dumazet <eric.dumazet@...il.com>, David Miller <davem@...emloft.net> CC: "'netdev@...r.kernel.org'" <netdev@...r.kernel.org>, YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> Subject: Re: [PATCH V2] ipv6 mcast: Fix incorrect use of pskb_may_pull(). Eric Dumazet wrote: > On Wed, 2012-12-26 at 12:12 +0900, YOSHIFUJI Hideaki wrote: >> pskb_may_pull(skb, len) ensures that len bytes from skb->data >> are available in a linear array. When pskb_may_pull() is >> being used multiple times for the same buffer without >> skb_pull(), the length is not accumulated. : >> @@ -1124,7 +1124,7 @@ int igmp6_event_query(struct sk_buff *skb) >> int mark = 0; >> int len; >> >> - if (!pskb_may_pull(skb, sizeof(struct in6_addr))) >> + if (!pskb_may_pull(skb, sizeof(struct icmp6hdr) + sizeof(struct in6_addr))) >> return -EINVAL; >> > > I am a bit confused by your patch. > > igmp6_event_query() is called from icmpv6_rcv() _after_ > > pskb_pull(skb, sizeof(*hdr); > > (hdr being struct icmp6hdr) > > So this patch is wrong IMHO Argh..I agree. I withdraw this one. --yoshfuji -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists