| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180704.213842.1687330861488453118.davem@davemloft.net>
Date: Wed, 04 Jul 2018 21:38:42 +0900 (KST)
From: David Miller <davem@...emloft.net>
To: lucien.xin@...il.com
Cc: netdev@...r.kernel.org, linux-sctp@...r.kernel.org,
marcelo.leitner@...il.com, nhorman@...driver.com,
syzkaller@...glegroups.com
Subject: Re: [PATCHv2 net] sctp: fix the issue that pathmtu may be set
lower than MINSEGMENT
From: Xin Long <lucien.xin@...il.com>
Date: Tue, 3 Jul 2018 16:30:47 +0800
> After commit b6c5734db070 ("sctp: fix the handling of ICMP Frag Needed
> for too small MTUs"), sctp_transport_update_pmtu would refetch pathmtu
> from the dst and set it to transport's pathmtu without any check.
>
> The new pathmtu may be lower than MINSEGMENT if the dst is obsolete and
> updated by .get_dst() in sctp_transport_update_pmtu. In this case, it
> could have a smaller MTU as well, and thus we should validate it
> against MINSEGMENT instead.
>
> Syzbot reported a warning in sctp_mtu_payload caused by this.
>
> This patch refetches the pathmtu by calling sctp_dst_mtu where it does
> the check against MINSEGMENT.
>
> v1->v2:
> - refetch the pathmtu by calling sctp_dst_mtu instead as Marcelo's
> suggestion.
>
> Fixes: b6c5734db070 ("sctp: fix the handling of ICMP Frag Needed for too small MTUs")
> Reported-by: syzbot+f0d9d7cba052f9344b03@...kaller.appspotmail.com
> Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
> Signed-off-by: Xin Long <lucien.xin@...il.com>
Applied and queued up for -stable.
Powered by blists - more mailing lists