| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Oct 2018 16:01:40 -0700
From: Vlad Dumitrescu <vlad@...itrescu.ro>
To: stephen@...workplumber.org, chrism@...lanox.com,
Mahesh Bandewar <maheshb@...gle.com>
Cc: netdev@...r.kernel.org, Vlad Dumitrescu <vladum@...gle.com>
Subject: Re: [PATCH iproute2] lib/libnetlink: fix response seq check
Hi,
On Fri, Sep 28, 2018 at 10:14 AM <vlad@...itrescu.ro> wrote:
>
> From: Vlad Dumitrescu <vladum@...gle.com>
>
> Taking a one-iovec example, with rtnl->seq at 42. iovlen == 1, seq
> becomes 43 on line 604, and a message is sent with nlmsg_seq == 43. If
> a response with nlmsg_seq of 42 is received, the condition being fixed
> in this patch would incorrectly accept it.
>
> Fixes: 72a2ff3916e5 ("lib/libnetlink: Add a new function rtnl_talk_iov")
> Signed-off-by: Vlad Dumitrescu <vladum@...gle.com>
> ---
> lib/libnetlink.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/libnetlink.c b/lib/libnetlink.c
> index f18dceac..4d2416bf 100644
> --- a/lib/libnetlink.c
> +++ b/lib/libnetlink.c
> @@ -647,7 +647,7 @@ static int __rtnl_talk_iov(struct rtnl_handle *rtnl, struct iovec *iov,
>
> if (nladdr.nl_pid != 0 ||
> h->nlmsg_pid != rtnl->local.nl_pid ||
> - h->nlmsg_seq > seq || h->nlmsg_seq < seq - iovlen) {
> + h->nlmsg_seq > seq || h->nlmsg_seq < seq - iovlen + 1) {
> /* Don't forget to skip that message. */
> status -= NLMSG_ALIGN(len);
> h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len));
> --
> 2.19.0.605.g01d371f741-goog
Did anybody get a chance to review this? I'm not 100% sure I'm fixing
the right thing.
Thanks,
Vlad
Powered by blists - more mailing lists