lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150324195517.GB10851@kroah.com>
Date:	Tue, 24 Mar 2015 20:55:17 +0100
From:	Greg KH <greg@...ah.com>
To:	ljungmark@...io.se
Cc:	"security@...nel.org" <security@...nel.org>,
	security <security@...roid.com>, netdev@...r.kernel.org
Subject: Re: Responsible Disclosure

On Tue, Mar 24, 2015 at 08:31:01PM +0100, D. S. Ljungmark wrote:
> 
> This patch prevents a link-local DoS against ipv6. 
> 
> 
> To exploit, push an RA packet without any routing information, but with
> the hop limit reduced to 1.
> 
> //D.S. Ljungmark
> 
> 
> 
> 
> 
> 

> diff -urw linux-3.18.7-200.fc21.x86_64/net/ipv6/ndisc.c linux-3.18.7-200.fc21.x86_64/net/ipv6/ndisc.c
> --- linux-3.18.7-200.fc21.x86_64/net/ipv6/ndisc.c	2015-03-08 13:01:36.567000000 -0400
> +++ linux-3.18.7-200.fc21.x86_64/net/ipv6/ndisc.c	2015-03-08 12:50:55.446000000 -0400
> @@ -1215,7 +1215,15 @@
>  	if (rt)
>  		rt6_set_expires(rt, jiffies + (HZ * lifetime));
>  	if (ra_msg->icmph.icmp6_hop_limit) {
> +		/*
> +		 *	Only set hop_limit on the interface if it is higher than the current hop_limit.
> +		 *	Prevents silly routes with hop_limit 1 from affecting everyone.
> +		 */
> +		if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
>  		in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
> +		} else {
> +			ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
> +		}
>  		if (rt)
>  			dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
>  				       ra_msg->icmph.icmp6_hop_limit);


Please submit this in a form that can be applied.

Take a look at Documentation/SubmittingPatches for the proper format.

Also, you are messing with the coding style here for no reason (hint,
indent after the if, and wrap your lines properly.)

Can you fix that up, and resend, starting a new email thread, netdev
doesn't care about the prior subject, you need to pick a proper one for
the patch.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ