| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20160711.134147.2115995974849910917.davem@davemloft.net>
Date: Mon, 11 Jul 2016 13:41:47 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: ja@....bg
Cc: netdev@...r.kernel.org, vegard.nossum@...cle.com,
gospo@...ulusnetworks.com, ddutt@...ulusnetworks.com,
sfeldma@...il.com
Subject: Re: [PATCHv2 net] ipv4: reject RTNH_F_DEAD and RTNH_F_LINKDOWN
from user space
From: Julian Anastasov <ja@....bg>
Date: Sun, 10 Jul 2016 21:11:55 +0300
> Vegard Nossum is reporting for a crash in fib_dump_info
> when nh_dev = NULL and fib_nhs == 1:
...
> $ addr2line -e vmlinux -i 0x602b3d18
> include/linux/inetdevice.h:222
> net/ipv4/fib_semantics.c:1264
>
> Problem happens when RTNH_F_LINKDOWN is provided from user space
> when creating routes that do not use the flag, catched with
> netlink fuzzer.
>
> Currently, the kernel allows user space to set both flags
> to nh_flags and fib_flags but this is not intentional, the
> assumption was that they are not set. Fix this by rejecting
> both flags with EINVAL.
>
> Reported-by: Vegard Nossum <vegard.nossum@...cle.com>
> Fixes: 0eeb075fad73 ("net: ipv4 sysctl option to ignore routes when nexthop link is down")
> Signed-off-by: Julian Anastasov <ja@....bg>
Applied and queud up for -stable, thanks Julian.
Powered by blists - more mailing lists