| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <64c1aa20-7e9a-68d5-5c1f-5ab059fc6c9e@gmail.com>
Date: Thu, 4 Oct 2018 14:34:28 -0600
From: David Ahern <dsahern@...il.com>
To: Mauricio Faria de Oliveira <mfo@...onical.com>,
netdev@...r.kernel.org
Cc: davem@...emloft.net
Subject: Re: [PATCH v2 net-next] rtnetlink: fix rtnl_fdb_dump() for ndmsg
header
On 10/1/18 7:46 PM, Mauricio Faria de Oliveira wrote:
> Currently, rtnl_fdb_dump() assumes the family header is 'struct ifinfomsg',
> which is not always true -- 'struct ndmsg' is used by iproute2 ('ip neigh').
>
> The problem is, the function bails out early if nlmsg_parse() fails, which
> does occur for iproute2 usage of 'struct ndmsg' because the payload length
> is shorter than the family header alone (as 'struct ifinfomsg' is assumed).
>
> This breaks backward compatibility with userspace -- nothing is sent back.
>
...
>
> Fixes: 0ff50e83b512 ("net: rtnetlink: bail out from rtnl_fdb_dump() on parse error")
> Fixes: 5e6d24358799 ("bridge: netlink dump interface at par with brctl")
> Reported-by: Aidan Obley <aobley@...otal.io>
> Signed-off-by: Mauricio Faria de Oliveira <mfo@...onical.com>
>
> ---
> v2: Change logic to check msg size for ndmsg with optional attribute.
> Thanks: David Ahern <dsahern@...il.com>
>
> net/core/rtnetlink.c | 29 ++++++++++++++++++++---------
> 1 file changed, 20 insertions(+), 9 deletions(-)
>
Seems reasonable for 4.19 and back
Reviewed-by: David Ahern <dsahern@...il.com>
Powered by blists - more mailing lists