| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jan 2019 21:45:05 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: jian.w.wen@...cle.com
Cc: netdev@...r.kernel.org, eric.dumazet@...il.com, gnault@...hat.com
Subject: Re: [PATCH net v4] l2tp: fix reading optional fields of L2TPv3
From: Jacob Wen <jian.w.wen@...cle.com>
Date: Wed, 30 Jan 2019 14:55:14 +0800
> Use pskb_may_pull() to make sure the optional fields are in skb linear
> parts, so we can safely read them later.
>
> It's easy to reproduce the issue with a net driver that supports paged
> skb data. Just create a L2TPv3 over IP tunnel and then generates some
> network traffic.
> Once reproduced, rx err in /sys/kernel/debug/l2tp/tunnels will increase.
>
> Changes in v4:
> 1. s/l2tp_v3_pull_opt/l2tp_v3_ensure_opt_in_linear/
> 2. s/tunnel->version != L2TP_HDR_VER_2/tunnel->version == L2TP_HDR_VER_3/
> 3. Add 'Fixes' in commit messages.
>
> Changes in v3:
> 1. To keep consistency, move the code out of l2tp_recv_common.
> 2. Use "net" instead of "net-next", since this is a bug fix.
>
> Changes in v2:
> 1. Only fix L2TPv3 to make code simple.
> To fix both L2TPv3 and L2TPv2, we'd better refactor l2tp_recv_common.
> It's complicated to do so.
> 2. Reloading pointers after pskb_may_pull
>
> Fixes: f7faffa3ff8e ("l2tp: Add L2TPv3 protocol support")
> Fixes: 0d76751fad77 ("l2tp: Add L2TPv3 IP encapsulation (no UDP) support")
> Fixes: a32e0eec7042 ("l2tp: introduce L2TPv3 IP encapsulation support for IPv6")
>
> Signed-off-by: Jacob Wen <jian.w.wen@...cle.com>
> Acked-by: Guillaume Nault <gnault@...hat.com>
Applied and queued up for -stable, thanks.
Powered by blists - more mailing lists