lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 24 Jul 2013 20:28:52 -0300
From:	Werner Almesberger <werner@...esberger.net>
To:	netdev@...r.kernel.org
Subject: minimum ICMPv6 message size vs. RPL's DIS

The kernel assumes that any valid ICMPv6 message is at least eight
bytes long, for example in net/ipv6/raw.c:icmpv6_filter

The DIS message of RPL (RFC 6550 section 6.2, from the 6LoWPAN
world), has a minimum length of six bytes, and is thus blocked by
icmpv6_filter.

Contiki OS sends this sort of messages and is thus ignored by an
user-space RPL application on Linux (in my case simpleRPL). Nodes
will eventually join the network regardless, but this can take
hours instead of seconds.
 
RFC 4443 seems to allow even a zero-sized body, making the minimum
allowable size four bytes.

A similar restriction exists in net/ipv6/icmp.c:icmpv6_rcv but
causes no harm there since all potential recipients at that point
expect a larger payload.

Now, while this is easy enough to fix on the Linux side (see
below), I wonder if it is really a Linux bug or if I (and the
authors of RPL in Contiki) may have missed some minimum size
requirement for ICMPv6 messages stated elsewhere.

Opinions ?

- Werner

diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index c45f7a5..539534c 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -112,7 +112,7 @@ static int icmpv6_filter(const struct sock *sk, const struct sk_buff *skb)
 	const struct icmp6hdr *hdr;
 
 	hdr = skb_header_pointer(skb, skb_transport_offset(skb),
-				 sizeof(_hdr), &_hdr);
+				 4, &_hdr);
 	if (hdr) {
 		const __u32 *data = &raw6_sk(sk)->filter.data[0];
 		unsigned int type = hdr->icmp6_type;
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ