lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 19 Oct 2017 15:32:25 +0800
From:   Xin Long <lucien.xin@...il.com>
To:     network dev <netdev@...r.kernel.org>
Cc:     davem@...emloft.net, Eric Dumazet <edumazet@...gle.com>,
        Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
        Sabrina Dubroca <sd@...asysnail.net>
Subject: [PATCH net 2/2] inet_diag: request _diag module only when the proto has been registered

The patch 'sock_diag: request _diag module only when the family has
been registered' fixed a security issue for sock_diag, the same fix
is needed for inet_diag module when requesting _diag module.

Fixes: 305e1e969114 ("[INET]: Let inet_diag and friends autoload")
Reported-by: Sabrina Dubroca <sd@...asysnail.net>
Signed-off-by: Xin Long <lucien.xin@...il.com>
---
 include/net/protocol.h | 1 +
 net/ipv4/inet_diag.c   | 3 ++-
 net/ipv4/protocol.c    | 6 ++++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/include/net/protocol.h b/include/net/protocol.h
index 4fc75f7..bf0dcc2 100644
--- a/include/net/protocol.h
+++ b/include/net/protocol.h
@@ -103,6 +103,7 @@ extern struct inet6_protocol __rcu *inet6_protos[MAX_INET_PROTOS];
 
 int inet_add_protocol(const struct net_protocol *prot, unsigned char num);
 int inet_del_protocol(const struct net_protocol *prot, unsigned char num);
+bool inet_proto_is_added(unsigned char num);
 int inet_add_offload(const struct net_offload *prot, unsigned char num);
 int inet_del_offload(const struct net_offload *prot, unsigned char num);
 void inet_register_protosw(struct inet_protosw *p);
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index c9c35b6..1460031 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -27,6 +27,7 @@
 #include <net/inet_hashtables.h>
 #include <net/inet_timewait_sock.h>
 #include <net/inet6_hashtables.h>
+#include <net/protocol.h>
 #include <net/netlink.h>
 
 #include <linux/inet.h>
@@ -52,7 +53,7 @@ static DEFINE_MUTEX(inet_diag_table_mutex);
 
 static const struct inet_diag_handler *inet_diag_lock_handler(int proto)
 {
-	if (!inet_diag_table[proto])
+	if (!inet_diag_table[proto] && inet_proto_is_added(proto))
 		request_module("net-pf-%d-proto-%d-type-%d-%d", PF_NETLINK,
 			       NETLINK_SOCK_DIAG, AF_INET, proto);
 
diff --git a/net/ipv4/protocol.c b/net/ipv4/protocol.c
index 32a691b..183386a 100644
--- a/net/ipv4/protocol.c
+++ b/net/ipv4/protocol.c
@@ -77,3 +77,9 @@ int inet_del_offload(const struct net_offload *prot, unsigned char protocol)
 	return ret;
 }
 EXPORT_SYMBOL(inet_del_offload);
+
+bool inet_proto_is_added(unsigned char protocol)
+{
+	return !!rcu_access_pointer(inet_protos[protocol]);
+}
+EXPORT_SYMBOL(inet_proto_is_added);
-- 
2.1.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ