| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <537CF5A2.3080401@pandora.be> Date: Wed, 21 May 2014 20:51:14 +0200 From: Bart De Schuymer <bdschuym@...dora.be> To: David Newall <davidn@...idnewall.com>, Florian Westphal <fw@...len.de> CC: Stephen Hemminger <stephen@...workplumber.org>, Netdev <netdev@...r.kernel.org>, netfilter-devel@...r.kernel.org, bridge@...ts.linux-foundation.org Subject: Re: Revert 462fb2af9788a82a534f8184abfde31574e1cfa0 (bridge : Sanitize skb before it enters the IP stack) David Newall schreef op 21/05/2014 9:49: >> An alternative would be to make sure that the data pointed to by IPCB >> and BR_INPUT_SKB_CB don't overlap. If this were the case, we could >> indeed just revert the commit that was referred to. > > They are identical spaces, but you imply a good point: the cb area is > possibly being used, simultaneously, for two, incompatible purposes. Yet > another argument for divorcing bridge of ip logic. There's no reason why they should overlap in the cb: it's 48 bytes big, so big enough to hold both struct br_input_skb_cb and struct inet_skb_parm. The original problem was introduced when BR_INPUT_SKB_CB was introduced (around Feb 27, 2010), so fixing BR_INPUT_SKB_CB seems most appropriate to me. As for your other remark: as I've said before, if you don't like bridge-netfilter then don't compile it into your kernel. Bart -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists