lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 21 Mar 2016 11:50:09 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	pabeni@...hat.com
Cc:	netdev@...r.kernel.org, kuznet@....inr.ac.ru,
	sbohrer@...advisors.com, hannes@...essinduktion.org
Subject: Re: [PATCH net] ipv4: fix broadcast packets reception

From: Paolo Abeni <pabeni@...hat.com>
Date: Mon, 21 Mar 2016 16:42:11 +0100

> Currently, ingress ipv4 broadcast datagrams are dropped if the
> ingress interface lacks an ipv4 address. This is caused by
> multiple issues:
> 
> - in udp_v4_early_demux() ip_check_mc_rcu is invoked even on
>   bcast packets
> 
> - ip_route_input_slow() always try to validate the source
> 
> This patch tries to address both issues, invoking ip_check_mc_rcu()
> only for mcast packets and calling fib_validate_source() only
> if the in_device has an address, at least.
> 
> Fixes: 6e5403093261 ("ipv4/udp: Verify multicast group is ours in upd_v4_early_demux()")
> Signed-off-by: Paolo Abeni <pabeni@...hat.com>

I'm extremely weary to change the routing lookup code wrt. broadcast, multicast,
etc. policies, ever.  The checks in there have multiple decades of precedence
and therefore are extremely dangerous to modify.

The UDP change in question didn't touch the generic routing code, therfore you
must fix this bug without modifying it either.

Sorry.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ