| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Oct 2016 16:00:18 -0700 From: Sowmini Varadhan <sowmini.varadhan@...cle.com> To: "Duyck, Alexander H" <alexander.h.duyck@...el.com> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: bug in ixgbe_atr On (10/14/16 16:09), Duyck, Alexander H wrote: > Sorry I was thinking of a different piece of code. In the case of the > atr code it would be hdr.network, not hdr.raw. Basically the thought > was to validate that there is enough data in skb_headlen() that we can > verify that from where the network header should be we have at least > 40 bytes of data as that would be the minimum needed for a TCP header > and an IPv4 header, or just an IPv6 header. We would probably need a > separate follow-up for the TCP header after we validate network header. : >> Dropping it is fine with me I guess - maybe just return, if the >> skb_headlen() doesnt have enough bytes for a network header, i.e., >> skb_headlen >> is at least ETH_HLEN + sizeof (struct iphdr) for ETH_P_IP, or ETH_HLEN + >> sizeof (struct ipv6hdr) for ETH_P_IPV6? > Right that is kind of what I was thinking. If we validate that we > have at least 40 before inspecting the network header, and at least 20 > before we validate the TCP header that would work for me. yes, I was on a plane through most of the day today but thought about this. I think we can check if skb_network_offset() is between skb->data and tail, and also make sure there are "enough" bytes for trying to find the ip and transport header. Let me try to put a RFC patch together for this tomorrow.
Powered by blists - more mailing lists