| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Oct 2014 14:28:06 +0200 From: Pablo Neira Ayuso <pablo@...filter.org> To: Florian Westphal <fw@...len.de> Cc: Herbert Xu <herbert@...dor.apana.org.au>, netfilter-devel@...r.kernel.org, bsd@...hat.com, stephen@...workplumber.org, netdev@...r.kernel.org, eric.dumazet@...il.com, davidn@...idnewall.com, "David S. Miller" <davem@...emloft.net> Subject: Re: bridge: Do not compile options in br_parse_ip_options On Fri, Oct 24, 2014 at 12:41:49PM +0200, Florian Westphal wrote: > Herbert Xu <herbert@...dor.apana.org.au> wrote: > > bridge: Do not compile options in br_parse_ip_options > > > > Commit 462fb2af9788a82a534f8184abfde31574e1cfa0 > > > > bridge : Sanitize skb before it enters the IP stack > > > > broke when IP options are actually used because it mangles the > > skb as if it entered the IP stack which is wrong because the > > bridge is supposed to operate below the IP stack. > > > > Since nobody has actually requested for parsing of IP options > > this patch fixes it by simply reverting to the previous approach > > of ignoring all IP options, i.e., zeroing the IPCB. > > > > If and when somebody who uses IP options and actually needs them > > to be parsed by the bridge complains then we can revisit this. > > > > Reported-by: David Newall <davidn@...idnewall.com> > > Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au> > > Tested-by: Florian Westphal <fw@...len.de> Applied, thanks a lot for testing Florian. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists