| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170515120120.GA13122@bistromath.localdomain>
Date: Mon, 15 May 2017 14:01:20 +0200
From: Sabrina Dubroca <sd@...asysnail.net>
To: Tobias Jungel <tobias.jungel@...dn.de>
Cc: Stephen Hemminger <stephen@...workplumber.org>,
"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH] bridge: netlink: check vlan_default_pvid range
Hi Tobias,
2017-05-15, 13:08:19 +0200, Tobias Jungel wrote:
> Currently it is allowed to set the default pvid of a bridge to a value
> above VLAN_VID_MASK (0xfff). This patch checks the passed pvid and
> disables the pvid in case it is out of bounds.
Could we return an error (-EINVAL) to userspace instead? Silently
disabling the feature seems confusing to me. This would probably be
better in br_validate() (like the IFLA_BR_VLAN_PROTOCOL check), since
there's already such a check when setting default_pvid from sysfs (in
br_vlan_set_default_pvid()).
>
> Reproduce by calling:
>
> [root@...t ~]# ip l a type bridge
> [root@...t ~]# ip l a type dummy
> [root@...t ~]# ip l s bridge0 type bridge vlan_filtering 1
> [root@...t ~]# ip l s bridge0 type bridge vlan_default_pvid 9999
> [root@...t ~]# ip l s dummy0 master bridge0
> [root@...t ~]# bridge vlan
> port vlan ids
> bridge0 9999 PVID Egress Untagged
>
> dummy0 9999 PVID Egress Untagged
You'll also need to add a Signed-off-by, and a Fixes tag would be nice.
Thanks,
--
Sabrina
Powered by blists - more mailing lists