lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <42288a9d-c288-7932-e670-83f0e2b40f90@huawei.com>
Date:   Fri, 25 Jan 2019 10:24:15 +0800
From:   maowenan <maowenan@...wei.com>
To:     Greg KH <gregkh@...ux-foundation.org>
CC:     <netdev@...r.kernel.org>, <eric.dumazet@...il.com>,
        <davem@...emloft.net>, <stable@...r.kernel.org>,
        <edumazet@...gle.com>
Subject: Re: [PATCH stable 4.4 06/11] ipv6: defrag: drop non-last frags
 smaller than min mtu



On 2019/1/25 2:31, Greg KH wrote:
> On Wed, Jan 23, 2019 at 10:19:41AM +0800, Mao Wenan wrote:
>> From: Florian Westphal <fw@...len.de>
>>
>> [ Upstream commit 0ed4229b08c13c84a3c301a08defdc9e7f4467e6 ]
>>
>> don't bother with pathological cases, they only waste cycles.
>> IPv6 requires a minimum MTU of 1280 so we should never see fragments
>> smaller than this (except last frag).
>>
>> v3: don't use awkward "-offset + len"
>> v2: drop IPv4 part, which added same check w. IPV4_MIN_MTU (68).
>>     There were concerns that there could be even smaller frags
>>     generated by intermediate nodes, e.g. on radio networks.
>>
>> Cc: Peter Oskolkov <posk@...gle.com>
>> Cc: Eric Dumazet <edumazet@...gle.com>
>> Signed-off-by: Florian Westphal <fw@...len.de>
>> Signed-off-by: David S. Miller <davem@...emloft.net>
>> Signed-off-by: Mao Wenan <maowenan@...wei.com>
>> ---
>>  net/ipv6/netfilter/nf_conntrack_reasm.c | 4 ++++
>>  net/ipv6/reassembly.c                   | 4 ++++
>>  2 files changed, 8 insertions(+)
>>
>> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
>> index 9cd8863..c5033a2 100644
>> --- a/net/ipv6/netfilter/nf_conntrack_reasm.c
>> +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
>> @@ -602,6 +602,10 @@ struct sk_buff *nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 use
>>  	hdr = ipv6_hdr(clone);
>>  	fhdr = (struct frag_hdr *)skb_transport_header(clone);
>>  
>> +	if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
>> +	    fhdr->frag_off & htons(IP6_MF))
>> +		return -EINVAL;
> 
> This backport is incorrect, you should be returning a pointer, right?

Thank you for correcting me, the return value should be a pointer,
I will fix it and test all of patches again, then resend v2.
sorry for my mistake.
> 
> How did you test this?  This should have blown up under test :(
> 
> I'm going to drop this whole series.  Please fix it up and test it
> properly and then resend.
> 
> thanks,
> 
> greg k-h
> 
> .
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ