lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Dec 2015 14:51:04 -0800 From: roopa <roopa@...ulusnetworks.com> To: Robert Shearman <rshearma@...cade.com> CC: ebiederm@...ssion.com, davem@...emloft.net, netdev@...r.kernel.org, sam.h.russell@...il.com Subject: Re: [PATCH net 1/4] mpls: validate L2 via address length On 12/10/15, 11:30 AM, Robert Shearman wrote: > If an L2 via address for an mpls nexthop is specified, the length of > the L2 address must match that expected by the output device, > otherwise it could access memory beyond the end of the via address > buffer in the route. > > This check was present prior to commit f8efb73c97e2 ("mpls: multipath > route support"), but got lost in the refactoring, so add it back, > applying it to all nexthops in multipath routes. > > Fixes: f8efb73c97e2 ("mpls: multipath route support") > Signed-off-by: Robert Shearman <rshearma@...cade.com> > --- > net/mpls/af_mpls.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c > index c70d750148b6..3be29cb1f658 100644 > --- a/net/mpls/af_mpls.c > +++ b/net/mpls/af_mpls.c > @@ -534,6 +534,10 @@ static int mpls_nh_assign_dev(struct net *net, struct mpls_route *rt, > if (!mpls_dev_get(dev)) > goto errout; > > + if ((nh->nh_via_table == NEIGH_LINK_TABLE) && > + (dev->addr_len != nh->nh_via_alen)) > + goto errout; > + > Robert, seems like the right place for this check is nla_get_via ? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists