| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANnrxJhUdk6s9_oRRyV+iC7Q_NzAFk5b9=FW5oGtuOuiFdHFvg@mail.gmail.com>
Date: Thu, 19 Apr 2018 08:37:36 +0300
From: yotam gigi <yotam.gi@...il.com>
To: Alexander Aring <aring@...atatu.com>
Cc: Jamal Hadi Salim <jhs@...atatu.com>, davem@...emloft.net,
Cong Wang <xiyou.wangcong@...il.com>,
Jiří Pírko <jiri@...nulli.us>,
Yuval Mintz <yuvalm@...lanox.com>, netdev@...r.kernel.org,
kernel@...atatu.com
Subject: Re: [PATCH net 3/3] net: sched: ife: check on metadata length
On Thu, Apr 19, 2018 at 12:35 AM, Alexander Aring <aring@...atatu.com> wrote:
> This patch checks if sk buffer is available to dererence ife header. If
> not then NULL will returned to signal an malformed ife packet. This
> avoids to crashing the kernel from outside.
>
> Signed-off-by: Alexander Aring <aring@...atatu.com>
Reviewed-by: Yotam Gigi <yotam.gi@...il.com>
> ---
> net/ife/ife.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/ife/ife.c b/net/ife/ife.c
> index 8632d2685efb..7c100034fbee 100644
> --- a/net/ife/ife.c
> +++ b/net/ife/ife.c
> @@ -70,6 +70,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen)
> u16 ifehdrln;
>
> ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len);
> + if (skb->len < skb->dev->hard_header_len + IFE_METAHDRLEN)
> + return NULL;
> +
> ifehdrln = ntohs(ifehdr->metalen);
> total_pull = skb->dev->hard_header_len + ifehdrln;
>
> --
> 2.11.0
>
Powered by blists - more mailing lists