| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0ba60aa7-9791-a023-0d5b-a8bc0223fffd@cumulusnetworks.com>
Date: Mon, 15 May 2017 15:05:38 +0300
From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
To: Tobias Jungel <tobias.jungel@...dn.de>,
Stephen Hemminger <stephen@...workplumber.org>,
"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH] bridge: netlink: check vlan_default_pvid range
On 5/15/17 2:08 PM, Tobias Jungel wrote:
> Currently it is allowed to set the default pvid of a bridge to a value
> above VLAN_VID_MASK (0xfff). This patch checks the passed pvid and
> disables the pvid in case it is out of bounds.
>
> Reproduce by calling:
>
> [root@...t ~]# ip l a type bridge
> [root@...t ~]# ip l a type dummy
> [root@...t ~]# ip l s bridge0 type bridge vlan_filtering 1
> [root@...t ~]# ip l s bridge0 type bridge vlan_default_pvid 9999
> [root@...t ~]# ip l s dummy0 master bridge0
> [root@...t ~]# bridge vlan
> port vlan ids
> bridge0 9999 PVID Egress Untagged
>
> dummy0 9999 PVID Egress Untagged
> ---
> net/bridge/br_vlan.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Good catch, but this is not the right fix. Default pvid of 0 disables the
default pvid, but a wrong pvid should result in -EINVAL return instead of
0. Take a look how the parent default pvid function handles this case
(br_vlan_set_default_pvid).
Also please add a sign off and a proper Fixes tag.
For more information about submitting patches you can check
Documentation/SubmittingPatches
Thanks,
Nik
Powered by blists - more mailing lists