lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAF=yD-J6r+myVVAb5uNL8-Fua7Gr5q8U+veqPB=xm4gNOTp5Tg@mail.gmail.com>
Date:   Fri, 27 Jan 2017 14:29:06 -0500
From:   Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:     Sowmini Varadhan <sowmini.varadhan@...cle.com>
Cc:     David Miller <davem@...emloft.net>,
        Network Development <netdev@...r.kernel.org>
Subject: Re: [PATCH RFC net-next] packet: always ensure that we pass
 hard_header_len bytes in skb_headlen() to the driver

> On (01/27/17 10:28), Willem de Bruijn wrote:
>> > Would it make sense to only do the CAP_SYS_RAWIO branch if the
>> > driver declares itself to have variable length L2 headers, via, e.g.,
>> > some priv flag?
>>
>> At the time, the comments were not specific to AX25. Again, we should
>> probably put that bypass behind a flag, enabling validating in the common case.
>
> Just to make sure I'm on the same page as you (since you have more
> history with this one..) we are going to have a priv_flags like
> IFF_VAR_L2HDR which (today) would only be set for ax25, and
> we would only take the CAP_SYS_RAWIO branch for IFF_VAR_L2HDR, right?

I suggested a sysctl. But either approach may cause test applications
that depend on current behavior to start failing.

As your patch state, the contract is that any packet delivered to a
driver has the entire L2 in its linear section. Drivers are not required
to be robust against shorter packets, so there is no reason to test
those.

One option is to limit your fix to known fixed-header protocols.
In these cases hard_header_len is the minimum, so anything
smaller must be dropped.

For protocols with variable header length it is fine to send packets
shorter than hard_header_len, even with corrupted content (i.e.,
even if they would fail that protocol's validate callback), as long as
they exceed the minimum length. ax25 already has a min length
check through its protocol-specific validate callback.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ