lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 20 Mar 2014 14:47:25 -0600
From:	David Stevens <dlstevens@...ibm.com>
To:	David Miller <davem@...emloft.net>
Cc:	mike.rapoport@...ellosystems.com, netdev@...r.kernel.org
Subject: Re: [PATCH net] net: vxlan: fix crash when interface is created with no
 group



>From: David Miller 

>Any objections to this? I think it maintains the pre-ipv6-support
>behavior. I know there may be some concerns about supporting
>multiple
>families on the same socket, but I'm not so sure the code is able to
>support that right now anyways.

I'm ok with the idea of determining the AF from the socket -- mixed
support, if useful, can be added later. But the patch needs to then
check and drop packets encapsulated with the wrong address family.

And it still shouldn't assume !v4 means v6.

[apologies for spacing; doing this from a web browser...]
So, I think we need something like:

     if (vs->family == AF_INET && skb->protocol == ntohs(ETH_P_IP)) {
        ....
     } else if (vs->family == AF_INET6 && skb->protocol == ntohs(ETH_P_IPV6)) {
        ...
     } else
           goto drop


                                                          +-DLS

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ