lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 15 May 2017 13:08:19 +0200
From:   Tobias Jungel <tobias.jungel@...dn.de>
To:     Stephen Hemminger <stephen@...workplumber.org>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: [PATCH] bridge: netlink: check vlan_default_pvid range

Currently it is allowed to set the default pvid of a bridge to a value
above VLAN_VID_MASK (0xfff). This patch checks the passed pvid and
disables the pvid in case it is out of bounds.

Reproduce by calling:

[root@...t ~]# ip l a type bridge
[root@...t ~]# ip l a type dummy
[root@...t ~]# ip l s bridge0 type bridge vlan_filtering 1
[root@...t ~]# ip l s bridge0 type bridge vlan_default_pvid 9999
[root@...t ~]# ip l s dummy0 master bridge0
[root@...t ~]# bridge vlan
port	vlan ids
bridge0	 9999 PVID Egress Untagged

dummy0	 9999 PVID Egress Untagged
---
 net/bridge/br_vlan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index b838213..e363d75 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -820,7 +820,7 @@ int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
 	int err = 0;
 	unsigned long *changed;
 
-	if (!pvid) {
+	if (!pvid || pvid >= VLAN_VID_MASK) {
 		br_vlan_disable_default_pvid(br);
 		return 0;
 	}
-- 
2.9.4

Powered by blists - more mailing lists