lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20190130.214505.2134481819196646275.davem@davemloft.net>
Date:   Wed, 30 Jan 2019 21:45:05 -0800 (PST)
From:   David Miller <davem@...emloft.net>
To:     jian.w.wen@...cle.com
Cc:     netdev@...r.kernel.org, eric.dumazet@...il.com, gnault@...hat.com
Subject: Re: [PATCH net v4] l2tp: fix reading optional fields of L2TPv3

From: Jacob Wen <jian.w.wen@...cle.com>
Date: Wed, 30 Jan 2019 14:55:14 +0800

> Use pskb_may_pull() to make sure the optional fields are in skb linear
> parts, so we can safely read them later.
> 
> It's easy to reproduce the issue with a net driver that supports paged
> skb data. Just create a L2TPv3 over IP tunnel and then generates some
> network traffic.
> Once reproduced, rx err in /sys/kernel/debug/l2tp/tunnels will increase.
> 
> Changes in v4:
> 1. s/l2tp_v3_pull_opt/l2tp_v3_ensure_opt_in_linear/
> 2. s/tunnel->version != L2TP_HDR_VER_2/tunnel->version == L2TP_HDR_VER_3/
> 3. Add 'Fixes' in commit messages.
> 
> Changes in v3:
> 1. To keep consistency, move the code out of l2tp_recv_common.
> 2. Use "net" instead of "net-next", since this is a bug fix.
> 
> Changes in v2:
> 1. Only fix L2TPv3 to make code simple.
>    To fix both L2TPv3 and L2TPv2, we'd better refactor l2tp_recv_common.
>    It's complicated to do so.
> 2. Reloading pointers after pskb_may_pull
> 
> Fixes: f7faffa3ff8e ("l2tp: Add L2TPv3 protocol support")
> Fixes: 0d76751fad77 ("l2tp: Add L2TPv3 IP encapsulation (no UDP) support")
> Fixes: a32e0eec7042 ("l2tp: introduce L2TPv3 IP encapsulation support for IPv6")
> 
> Signed-off-by: Jacob Wen <jian.w.wen@...cle.com>
> Acked-by: Guillaume Nault <gnault@...hat.com>

Applied and queued up for -stable, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ