| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <33ee3975-3447-2c1f-f752-ed77e47f3f15@redhat.com>
Date: Fri, 19 Jan 2018 16:19:58 +0800
From: Jason Wang <jasowang@...hat.com>
To: Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc: Network Development <netdev@...r.kernel.org>,
David Miller <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Willem de Bruijn <willemb@...gle.com>
Subject: Re: [PATCH net] net: validate untrusted gso packets
On 2018年01月19日 08:53, Willem de Bruijn wrote:
>>>> And what you propose here is just a very small subset of the
>>>> necessary checking, more comes at gso header checking. So even if we care
>>>> performance, it only help for some specific case.
>>> It also fixed the bug that Eric sent a separate patch for, as that did
>>> not dissect as a valid TCP packet, either.
>> I may miss something but how did this patch protects an evil thoff?
> Actually, it blocked that specific reproducer because the ip protocol
> did not match.
I see.
>
> I think that __skb_flow_dissect_tcp should return a boolean, causing
> dissection return FLOW_DISSECT_RET_OUT_BAD if the tcph is bad.
> That would be needed to really catch it with flow dissection at the source.
Just sanitize transport to offset_hint (0) in the case of tun. It looks
to me flow dissector will return FLOW_DISSECT_RET_OUT_BAD too if it
can't recognize the protocol. We can't differ the real failure from
unrecognized protocol. (or change the return from bool to int).
Thanks
Powered by blists - more mailing lists