| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130103003923.GA30625@1984>
Date: Thu, 3 Jan 2013 01:39:23 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: akong@...hat.com
Cc: netdev@...r.kernel.org, davem@...emloft.net,
Netfilter Development Mailing list
<netfilter-devel@...r.kernel.org>
Subject: Re: [PATCH] net: fix checking boundary of valid vlan id
On Sun, Dec 30, 2012 at 02:28:51PM +0800, akong@...hat.com wrote:
> From: Amos Kong <akong@...hat.com>
>
> 4096 is not a valid vlan id.
>
> Signed-off-by: Amos Kong <akong@...hat.com>
> ---
> net/bridge/netfilter/ebt_vlan.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
> index eae67bf..b279ec0 100644
> --- a/net/bridge/netfilter/ebt_vlan.c
> +++ b/net/bridge/netfilter/ebt_vlan.c
> @@ -121,8 +121,8 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
> * if_vlan.h: VLAN_N_VID 4096. */
> if (GET_BITMASK(EBT_VLAN_ID)) {
> if (!!info->id) { /* if id!=0 => check vid range */
> - if (info->id > VLAN_N_VID) {
> - pr_debug("id %d is out of range (1-4096)\n",
> + if (info->id >= VLAN_N_VID) {
> + pr_debug("id %d is out of range (1-4095)\n",
Someone may forge frames including reserved VLAN ids.
People can use ebtables to drop invalid frames, this is a firewalling
utility after all ;-). I'm not taking these, sorry.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists