lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALDO+SZPmF_UG9BsZKD2FzJUbx0PcUYKrOpp4Xta4Wufezhh+g@mail.gmail.com>
Date:   Thu, 5 Oct 2017 14:20:31 -0700
From:   William Tu <u9012063@...il.com>
To:     David Laight <David.Laight@...lab.com>
Cc:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Xin Long <lucien.xin@...il.com>
Subject: Re: [PATCH net-next] ip_gre: check packet length and mtu correctly in erspan_fb_xmit

On Thu, Oct 5, 2017 at 6:59 AM, David Laight <David.Laight@...lab.com> wrote:
> From: William Tu
>> Sent: 05 October 2017 01:14
>> Similarly to early patch for erspan_xmit(), the ARPHDR_ETHER device
>> is the length of the whole ether packet.  So skb->len should subtract
>> the dev->hard_header_len.
>>
>> Fixes: 1a66a836da63 ("gre: add collect_md mode to ERSPAN tunnel")
>> Signed-off-by: William Tu <u9012063@...il.com>
>> Cc: Xin Long <lucien.xin@...il.com>
>> ---
>>  net/ipv4/ip_gre.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
>> index b279c325c7f6..10b21fe5b3a6 100644
>> --- a/net/ipv4/ip_gre.c
>> +++ b/net/ipv4/ip_gre.c
>> @@ -579,7 +579,7 @@ static void erspan_fb_xmit(struct sk_buff *skb, struct net_device *dev,
>>       if (gre_handle_offloads(skb, false))
>>               goto err_free_rt;
>>
>> -     if (skb->len > dev->mtu) {
>> +     if (skb->len - dev->hard_header_len > dev->mtu) {
>
> Can you guarantee that skb->len > dev_hard_header_len?
> It is probably safer to check skb->len > dev->hard_header_len + dev->mtu
> since that addition isn't going to overflow.
Sure, I will fix it.

>
>>               pskb_trim(skb, dev->mtu);
>>               truncate = true;
>
> Is that pskb_trim() now truncating to the correct size?

You're right, now I should truncate to (dev->mtu + dev_hard_header_len)
Thanks
William

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ