lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Nov 2013 15:08:47 +0800 From: Herbert Xu <herbert@...dor.apana.org.au> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Ben Hutchings <bhutchings@...arflare.com>, David Miller <davem@...emloft.net>, christoph.paasch@...ouvain.be, netdev@...r.kernel.org, hkchu@...gle.com, mwdalton@...gle.com Subject: [3/3] gso: Handle malicious GRO packets without crashing As virtio_net can now generate GRO frag_list packets without sufficient verification, we need to handle malicious GRO packets thrown at us. This patch converts to affected BUG_ONs in skb_segment to rate- limited warnings. Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au> diff --git a/net/core/skbuff.c b/net/core/skbuff.c index bcc3f1c..fb1106d 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -2881,7 +2881,15 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features) while (tail->next) tail = tail->next; - BUG_ON(fskb && tail->len != len + doffset); + if (fskb && tail->len != len + doffset) { + net_warn_ratelimited( + "skb_segment: " + "illegal GSO fragment: %u %u\n", + tail->len, len + doffset); + kfree(nskb); + err = -EINVAL; + goto err; + } len = nskb->len; kfree(nskb); @@ -2929,7 +2937,15 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features) if (pos < offset + len) { struct sk_buff *fskb2 = fskb; - BUG_ON(pos + fskb->len != offset + len); + if (pos + fskb->len != offset + len) { + net_warn_ratelimited( + "skb_segment: " + "illegal GSO trailer: %u %u\n", + pos + fskb->len, offset + len); + kfree(nskb); + err = -EINVAL; + goto err; + } pos += fskb->len; fskb = fskb->next; -- Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists