lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <d2f5dfb4c56632a741f6a273bd4cf729e175c4c8.camel@redhat.com>
Date:   Wed, 16 Jan 2019 18:30:28 +0100
From:   Davide Caratti <dcaratti@...hat.com>
To:     Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
Cc:     davem@...emloft.net, netdev@...r.kernel.org, u9012063@...il.com,
        Jiri Benc <jbenc@...hat.com>
Subject: Re: [PATCH net] net: ip6_gre: use erspan key field for tunnel
 lookup

On Wed, 2019-01-16 at 17:40 +0100, Lorenzo Bianconi wrote:

> Does '((*(u8 *)options & 0xF0) != 0x40)' have the same issue?

(cc-ing Jiri Benc, he probably knows more on this part)

in my opinion, yes, theoretically there might be situations where the
above line reads 1 byte outside the linear area of the skb. Probably the
fix for this is unrelated, and needs to be done in another patch.

For the record, git annotate on this line shows

00b203402984 ("gre: remove superfluous pskb_may_pull")

but I think it was reading out of the linear area also before that commit,
and that commit is correct, because pskb_may_pull() is called later using
the return value of gre_parse_header().

(other eyes over here are welcome :) )
-- 
davide

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ