| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130214101853.GC21829@casper.infradead.org> Date: Thu, 14 Feb 2013 10:18:53 +0000 From: Thomas Graf <tgraf@...g.ch> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org Subject: Re: [PATCH] net: Convert skb->csum_(start|offset) integrity BUG_ON() to WARN_ON() & drop On 02/13/13 at 07:37pm, David Miller wrote: > From: Thomas Graf <tgraf@...g.ch> > Date: Wed, 13 Feb 2013 23:48:43 +0000 [...] > > b) No longer collapse if the new skb would result in a > > a headroom + data that exceeds 64K. This seems to be the > > most trivial fix. [...] > > Other ideas? > > "b" is a good idea. OK, patch to do so being tested by original reporter. > Let's not paper over this, this BUG_ON() is really a BUG_ON() > meaning "FIX ME NOW" :-) Maybe it's my general dislike of BUG_ON() in the processing path, especially if the bug condition can be influenced remotely. It looks absolutely doable to trigger the previously mentioned partial acking & collapsing on purpose by a malicious receiver even with an MTU of 1500. I believe we should avoid total DoS in future similar situations that we don't think of yet. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists