lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 10 Jun 2016 22:42:12 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	idosch@...lanox.com
Cc:	stephen@...workplumber.org, bridge@...ts.linux-foundation.org,
	netdev@...r.kernel.org, eladr@...lanox.com, ogerlitz@...lanox.com,
	yotamg@...lanox.com, nogahf@...lanox.com, fw@...len.de,
	shmulik.ladkani@...il.com, makita.toshiaki@....ntt.co.jp,
	jiri@...lanox.com
Subject: Re: [PATCH net v2] bridge: Fix incorrect re-injection of STP
 packets

From: Ido Schimmel <idosch@...lanox.com>
Date: Tue, 7 Jun 2016 12:06:58 +0300

> Commit 8626c56c8279 ("bridge: fix potential use-after-free when hook
> returns QUEUE or STOLEN verdict") fixed incorrect usage of NF_HOOK's
> return value by consuming packets in okfn via br_pass_frame_up().
> 
> However, this function re-injects packets to the Rx path with skb->dev
> set to the bridge device, which breaks kernel's STP, as all STP packets
> appear to originate from the bridge device itself.
> 
> Instead, if STP is enabled and bridge isn't a 802.1ad bridge, then learn
> packet's SMAC and inject it back to the Rx path for further processing
> by the packet handlers.
> 
> The patch also makes netfilter's behavior consistent with regards to
> packets destined to the Bridge Group Address, as no hook registered at
> LOCAL_IN will ever be called, regardless if STP is enabled or not.
> 
> Cc: Florian Westphal <fw@...len.de>
> Cc: Shmulik Ladkani <shmulik.ladkani@...il.com>
> Cc: Toshiaki Makita <makita.toshiaki@....ntt.co.jp>
> Fixes: 8626c56c8279 ("bridge: fix potential use-after-free when hook returns QUEUE or STOLEN verdict")
> Signed-off-by: Jiri Pirko <jiri@...lanox.com>
> Signed-off-by: Ido Schimmel <idosch@...lanox.com>

Applied, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ