lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 1 Apr 2019 15:34:52 -0600
From:   Captain Wiggum <captwiggum@...il.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Florian Westphal <fw@...len.de>,
        Eric Dumazet <edumazet@...gle.com>,
        Peter Oskolkov <posk@...gle.com>, netdev@...r.kernel.org
Subject: Please merge IPv6 fix for drop fragment smaller than MTU

Hi Greg,

An error was introduced in 4.9.134 (and the other LTS branches also).
This causes 18 test cases from the TAHI IPv6 test suite to fail.
I added you to the mail thread about this subject a month back.
It has been fixed in upstream for some time now, but not in the LTS branches.
Please merge this undo-patch into the LTS branches.

$ git diff a8444b1ccb20339774af58e40ad42296074fb484
a8444b1ccb20339774af58e40ad42296074fb484~

diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c
b/net/ipv6/netfilter/nf_conntrack_reasm.c
index b815417..ff49d1f 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -564,10 +564,6 @@ int nf_ct_frag6_gather(struct net *net, struct
sk_buff *skb, u32 user)
        hdr = ipv6_hdr(skb);
        fhdr = (struct frag_hdr *)skb_transport_header(skb);

-       if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
-           fhdr->frag_off & htons(IP6_MF))
-               return -EINVAL;
-
        skb_orphan(skb);
        fq = fq_find(net, fhdr->identification, user, hdr,
                     skb->dev ? skb->dev->ifindex : 0);
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 78656bb..dbe726c 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -516,10 +516,6 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
                return 1;
        }

-       if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
-           fhdr->frag_off & htons(IP6_MF))
-               goto fail_hdr;
-
        iif = skb->dev ? skb->dev->ifindex : 0;
        fq = fq_find(net, fhdr->identification, hdr, iif);
        if (fq) {

Powered by blists - more mailing lists