| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Nov 2018 15:51:53 -0600
From: David Ahern <dsahern@...il.com>
To: Alexey Kodanev <alexey.kodanev@...cle.com>, netdev@...r.kernel.org
Cc: David Miller <davem@...emloft.net>
Subject: Re: [PATCH net] rtnetlink: invoke 'cb->done' destructor before
'cb->args' reset
On 11/1/18 7:42 AM, Alexey Kodanev wrote:
> On 11/01/2018 04:11 PM, Alexey Kodanev wrote:
>> On 10/31/2018 08:35 PM, David Ahern wrote:
>>> On 10/31/18 10:55 AM, David Ahern wrote:
>>>> I think the simplest fix for 4.20 is to break the loop if ret is non-0 -
>>>> restore the previous behavior.
>>>
>>> that is the only recourse. It has to bail if ret is non-0. Do you want
>>> to send a patch with that fix?
>>>
>>
>> I see, and inet6_dump_fib() cleanups fib6_walker if ret is zero. Will send the fix.
>
> Can it happen that inet6_dump_fib() returns skb->len (0) in the below cases?
>
> * if (arg.filter.flags & RTM_F_CLONED)
> return skb->len;
>
> ...
>
> w = (void *)cb->args[2];
> if (!w) {
> ...
> w = kzalloc(...)
> ...
>
> * if (arg.filter.table_id) {
> ...
> if (!tb) {
> if (arg.filter.dump_all_families)
> return skb->len;
>
>
> Would it be safer to add "res = skb->len; goto out;" instead of "return skb->len;"
> so that it can call fib6_dump_end() for "res <= 0"? Or use cb->data instead of
> cb->args?
>
Since res is initialized to 0, both of those can just be 'goto out;'
The break in dump_all is still needed though.
Powered by blists - more mailing lists