lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 29 Jan 2016 12:06:53 -0800
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Sowmini Varadhan <sowmini.varadhan@...cle.com>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [RFC] Kernel unaligned access at __skb_flow_dissect

On Fri, 2016-01-29 at 12:01 -0800, Eric Dumazet wrote:
> On Fri, 2016-01-29 at 14:44 -0500, Sowmini Varadhan wrote:
> > On (01/29/16 11:37), Eric Dumazet wrote:
> > > 
> > > I have no idea why reading iph->saddr or iph->daddr would not hit the
> > > problem, but accessing the 32bit ipv6 flow label would be an issue.
> > > 
> > > Something is fishy.
> > 
> > I was wondering about this myself. Even on sparc, I only first
> > ran into the errors for ipv6. I dont know if the fact that the
> > saddr is memcpy'ed masks the error (even though the problem
> > is still there). 
> 
> Oh right, recent work in flow dissector added all these memcpy()
> 
> I was still looking at linux-4.3 ;)

The code for GRE/GRE_KEY is still accessing 32bit vars.

const __be32 *keyid;
...
key_keyid->keyid = *keyid;

So instead of auditing flow dissect code, we should fix the few drivers
using it.



Powered by blists - more mailing lists