lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 11 Feb 2019 12:44:34 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Zubin Mithra <zsm@...omium.org>
Cc:     netdev@...r.kernel.org, posk@...gle.com, edumazet@...gle.com,
        willemb@...gle.com, davem@...emloft.net
Subject: Re: [PATCH v4.19.y] ip: fail fast on IP defrag errors

On Tue, Jan 22, 2019 at 09:43:44AM -0800, Zubin Mithra wrote:
> From: Peter Oskolkov <posk@...gle.com>
> 
> commit 0ff89efb524631ac9901b81446b453c29711c376 upstream
> 
> The current behavior of IP defragmentation is inconsistent:
> - some overlapping/wrong length fragments are dropped without
>   affecting the queue;
> - most overlapping fragments cause the whole frag queue to be dropped.
> 
> This patch brings consistency: if a bad fragment is detected,
> the whole frag queue is dropped. Two major benefits:
> - fail fast: corrupted frag queues are cleared immediately, instead of
>   by timeout;
> - testing of overlapping fragments is now much easier: any kind of
>   random fragment length mutation now leads to the frag queue being
>   discarded (IP packet dropped); before this patch, some overlaps were
>   "corrected", with tests not seeing expected packet drops.
> 
> Note that in one case (see "if (end&7)" conditional) the current
> behavior is preserved as there are concerns that this could be
> legitimate padding.
> 
> Signed-off-by: Peter Oskolkov <posk@...gle.com>
> Reviewed-by: Eric Dumazet <edumazet@...gle.com>
> Reviewed-by: Willem de Bruijn <willemb@...gle.com>
> Signed-off-by: David S. Miller <davem@...emloft.net>
> Signed-off-by: Zubin Mithra <zsm@...omium.org>
> ---
> Backport Note:
> - Syzkaller reported a UAF, as 0ff89efb5246 ("ip: fail fast on IP defrag
> errors") was not applied prior to applying d5f9565c8d5a ("net: ipv4: do
> not handle duplicate fragments as overlapping").
> Conflicts occur when 0ff89efb5246 is now applied onto 4.14.y/4.19.y,
> which this patch addresses.
> - An alternative to this patch would be to do the following :-
>     - revert "net: ipv4: do not handle duplicate fragments as overlapping"
>       (d5f9565c8d5ad on 4.19.y, 95b4b711444a on 4.14.y)
>     - apply "ip: fail fast on IP defrag errors" (0ff89efb5246)
>     - apply "net: ipv4: do not handle duplicate fragments as overlapping"
>       (ade446403bfb)

This patch does not apply to the current 4.19.y tree (well, on top of my
latest patches that are queued for the next release).

Can you refresh it after the next 4.19.y release in a few days and
resend it along with a new 4.14.y patch as well?

thanks,

greg k-h

Powered by blists - more mailing lists