Message-ID: <b693de81-ba14-fe57-4e28-cdd7c95a7899@gmail.com>
Date:   Thu, 8 Mar 2018 10:44:37 -0700
From:   David Ahern <dsahern@...il.com>
To:     Roopa Prabhu <roopa@...ulusnetworks.com>
Cc:     netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 net-next v4] iprule: support for ip_proto, sport
 and dport match options

On 3/7/18 9:03 PM, Roopa Prabhu wrote:
> @@ -802,6 +836,39 @@ static int iprule_modify(int cmd, int argc, char **argv)
>  			addattr32(&req.n, sizeof(req), RTA_GATEWAY,
>  				  get_addr32(*argv));
>  			req.frh.action = RTN_NAT;
> +		} else if (strcmp(*argv, "ip_proto") == 0) {
> +			__u8 ip_proto;
> +
> +			NEXT_ARG();
> +			ip_proto = inet_proto_a2n(*argv);
> +			if (ip_proto < 0)
> +				invarg("Invalid \"ip_proto\" value\n",
> +				       *argv);
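
Review bot: the `if (ip_proto < 0)` test in the new "ip_proto" branch can never be true, because `ip_proto` is declared `__u8`. Any negative error return from `inet_proto_a2n()` is narrowed to an 8-bit unsigned value on assignment, so `invarg()` is unreachable and an unknown protocol name falls through as a valid-looking number. Declare the local as `int`, test it for `< 0` right after the `inet_proto_a2n(*argv)` call, and narrow to 8 bits only once the check has passed.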

As a __u8, ip_proto is never < 0, which means you are not catching invalid
protocol names and the rules get installed as 255:

$ ip -6 ru add pref 999 ip_proto ndisc table 13
$ ip -6 ru ls
999:	from all ip_proto ipproto-255 lookup 13
...
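
The failure mode described in this message, as an added example that is not part of the original mail or of iproute2: a lookup result is narrowed to 8 bits before the error check, next to a variant that checks first. `proto_lookup()` and both `parse_proto_*()` functions are hypothetical stand-ins, and the -1 error return is an assumption; GCC's `-Wtype-limits` (enabled by `-Wextra`) reports the dead comparison.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a name-to-protocol lookup (hypothetical, not iproute2 code):
 * returns the protocol number, or -1 (assumed) for an unknown name. */
static int proto_lookup(const char *name)
{
	static const struct { const char *name; int num; } tbl[] = {
		{ "icmp", 1 }, { "tcp", 6 }, { "udp", 17 }, { "ipv6-icmp", 58 },
	};
	for (size_t i = 0; i < sizeof(tbl) / sizeof(tbl[0]); i++)
		if (strcmp(name, tbl[i].name) == 0)
			return tbl[i].num;
	return -1;
}

/* Pattern from the quoted hunk: the result is narrowed to 8 bits before
 * the check, so -1 becomes 255 and the "< 0" test is always false. */
static int parse_proto_narrow_first(const char *name, uint8_t *out)
{
	uint8_t proto = proto_lookup(name);

	if (proto < 0)
		return -1;	/* unreachable */
	*out = proto;
	return 0;
}

/* Check in the wide signed type first, then narrow. */
static int parse_proto_check_first(const char *name, uint8_t *out)
{
	int proto = proto_lookup(name);

	if (proto < 0 || proto > UINT8_MAX)
		return -1;
	*out = (uint8_t)proto;
	return 0;
}

int main(void)
{
	uint8_t a = 0, b = 0;
	int r1 = parse_proto_narrow_first("ndisc", &a);	/* name from the mail */
	int r2 = parse_proto_check_first("ndisc", &b);
	printf("narrow first: rc=%d value=%d\n", r1, a);
	printf("check first:  rc=%d\n", r2);
	return 0;
}
```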

