| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Jul 2015 21:19:50 +0200 From: Thomas Graf <tgraf@...g.ch> To: Julian Anastasov <ja@....bg> Cc: roopa@...ulusnetworks.com, rshearma@...cade.com, ebiederm@...ssion.com, hannes@...essinduktion.org, pshelar@...ira.com, jesse@...ira.com, davem@...emloft.net, daniel@...earbox.net, tom@...bertland.com, edumazet@...gle.com, jiri@...nulli.us, marcelo.leitner@...il.com, stephen@...workplumber.org, jpettit@...ira.com, kaber@...sh.net, netdev@...r.kernel.org, dev@...nvswitch.org Subject: Re: [RFC net-next 11/22] dst: Metadata destinations On 07/10/15 at 09:57pm, Julian Anastasov wrote: > > Hello, > > On Fri, 10 Jul 2015, Thomas Graf wrote: > > > --- a/net/ipv4/route.c > > +++ b/net/ipv4/route.c > > @@ -1691,6 +1691,8 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, > > by fib_lookup. > > */ > > > > + skb_dst_drop(skb); > > + > > This is not very safe. There are places that > call ip_route_input() for temporary lookups and they > do not set NULL. For example, icmp_route_lookup(), > may be there are other such places... Wow. What a tremendous hack ;-) It saves and restores the original dst ref to avoid the leaked reference. > OTOH, ip_options_rcv_srr() looks correct to use > skb_dst_set(skb, NULL), may be such call should be > added if it is missing... Agreed. This seems to be the right fix. I'll apply to this icmp_route_lookup() as well. Thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists