Open Source and information security mailing list archives
 
Message-Id: <20160223.191221.211549664974307758.davem@davemloft.net>
Date:	Tue, 23 Feb 2016 19:12:21 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	bernie.harris@...iedtelesis.co.nz
Cc:	netdev@...r.kernel.org, kuznet@....inr.ac.ru,
	stable@...r.kernel.org
Subject: Re: [PATCH v3] tunnel: Clear IPCB(skb)->opt before
 dst_link_failure called

From: Bernie Harris <bernie.harris@...iedtelesis.co.nz>
Date: Mon, 22 Feb 2016 12:58:05 +1300

> IPCB may contain data from previous layers (in the observed case the
> qdisc layer). In the observed scenario, the data was misinterpreted as
> ip header options, which later caused the ihl to be set to an invalid
> value (<5). This resulted in an infinite loop in the mips implementation
> of ip_fast_csum.
> 
> This patch clears IPCB(skb)->opt before dst_link_failure can be called for
> various types of tunnels. This change only applies to encapsulated ipv4
> packets.
> 
> The code introduced in 11c21a30 which clears all of IPCB has been removed
> to be consistent with these changes, and instead the opt field is cleared
> unconditionally in ip_tunnel_xmit. The change in ip_tunnel_xmit applies to
> SIT, GRE, and IPIP tunnels.
> 
> The relevant vti, l2tp, and pptp functions already contain similar code for
> clearing the IPCB.
> 
> Signed-off-by: Bernie Harris <bernie.harris@...iedtelesis.co.nz>

Applied and queued up for -stable, thanks!
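
The failure mode in the quoted commit message, as an added user-space example that is not part of the patch or the kernel source: one layer's leftover bytes in the shared control block are read as IP options, and clearing only the opt member removes the problem. The struct layouts, the names qdisc_cb, ip_opts, ip_cb, qdisc_enqueue, ipcb_optlen, built_ihl and tunnel_clear_opt, the sample byte values, and the way ihl is derived from optlen are all assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model; these layouts are assumptions, not the kernel's. */
struct sk_buff { unsigned char cb[48]; };   /* scratch area reused by each layer */
struct qdisc_cb { uint32_t pkt_len; uint8_t data[20]; };  /* hypothetical qdisc view */
struct ip_opts { uint32_t faddr, nexthop; uint8_t optlen, srr, rr, ts; };
struct ip_cb { struct ip_opts opt; uint16_t flags; };     /* IP-layer view of cb */

/* Qdisc layer leaves its own state in cb (constructed sample values). */
static void qdisc_enqueue(struct sk_buff *skb)
{
    struct qdisc_cb q = { .pkt_len = 1500 };
    memset(q.data, 0xfc, sizeof(q.data));
    memcpy(skb->cb, &q, sizeof(q));
}

/* What the IP layer reads when it interprets cb as its own structure. */
static unsigned ipcb_optlen(const struct sk_buff *skb)
{
    struct ip_cb ip;
    memcpy(&ip, skb->cb, sizeof(ip));
    return ip.opt.optlen;
}

/* Assumed derivation: header length = 5 words + option words, stored in the
 * 4-bit ihl field, so a garbage optlen can wrap it below the minimum of 5. */
static unsigned built_ihl(const struct sk_buff *skb)
{
    return (5 + (ipcb_optlen(skb) >> 2)) & 0xf;
}

/* The fix described in the message: zero the opt member before the
 * link-failure path can read it. */
static void tunnel_clear_opt(struct sk_buff *skb)
{
    memset(skb->cb + offsetof(struct ip_cb, opt), 0, sizeof(struct ip_opts));
}

int main(void)
{
    struct sk_buff skb = {{0}};
    qdisc_enqueue(&skb);
    printf("stale:   optlen=%u ihl=%u\n", ipcb_optlen(&skb), built_ihl(&skb));
    tunnel_clear_opt(&skb);
    printf("cleared: optlen=%u ihl=%u\n", ipcb_optlen(&skb), built_ihl(&skb));
}
```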
