Date:   Tue, 2 Apr 2019 08:38:53 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Captain Wiggum <captwiggum@...il.com>
Cc:     Florian Westphal <fw@...len.de>,
        Eric Dumazet <edumazet@...gle.com>,
        Peter Oskolkov <posk@...gle.com>, netdev@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: Please merge IPv6 fix for drop fragment smaller than MTU

On Mon, Apr 01, 2019 at 03:34:52PM -0600, Captain Wiggum wrote:
> Hi Greg,
> 
> An error was introduced in 4.9.134 (and the other LTS branches also).
> This causes 18 test cases from the TAHI IPv6 test suite to fail.
> I added you to the mail thread about this subject a month back.
> It has been fixed in upstream for some time now, but not in the LTS branches.
> Please merge this undo-patch into the LTS branches.
> 
> $ git diff a8444b1ccb20339774af58e40ad42296074fb484
> a8444b1ccb20339774af58e40ad42296074fb484~
> 
> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c
> b/net/ipv6/netfilter/nf_conntrack_reasm.c
> index b815417..ff49d1f 100644
> --- a/net/ipv6/netfilter/nf_conntrack_reasm.c
> +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
> @@ -564,10 +564,6 @@ int nf_ct_frag6_gather(struct net *net, struct
> sk_buff *skb, u32 user)
>         hdr = ipv6_hdr(skb);
>         fhdr = (struct frag_hdr *)skb_transport_header(skb);
> 
> -       if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
> -           fhdr->frag_off & htons(IP6_MF))
> -               return -EINVAL;
> -
>         skb_orphan(skb);
>         fq = fq_find(net, fhdr->identification, user, hdr,
>                      skb->dev ? skb->dev->ifindex : 0);
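
Review bot: The removal in nf_ct_frag6_gather() of the `return -EINVAL` for non-final fragments (`IP6_MF` set) shorter than IPV6_MIN_MTU comes without a changelog. Nothing says why accepting these fragments again is correct, beyond the TAHI failures mentioned in the mail text. Resubmit it as a revert that names a8444b1ccb20339774af58e40ad42296074fb484 and gives the reason. The `diff --git` line and the `@@ -564,10 +564,6 @@` header are also each wrapped onto a second line, so the hunk will not apply as posted.
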
> diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
> index 78656bb..dbe726c 100644
> --- a/net/ipv6/reassembly.c
> +++ b/net/ipv6/reassembly.c
> @@ -516,10 +516,6 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
>                 return 1;
>         }
> 
> -       if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
> -           fhdr->frag_off & htons(IP6_MF))
> -               goto fail_hdr;
> -
>         iif = skb->dev ? skb->dev->ifindex : 0;
>         fq = fq_find(net, fhdr->identification, hdr, iif);
>         if (fq) {
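
Review bot: The context around the removed `goto fail_hdr` check in ipv6_frag_rcv() ties this hunk to a single tree (index 78656bb..dbe726c), while the request covers 4.9.134 and the other LTS branches. State which branch the diff was generated against, and generate the patch separately for each branch it is meant for, so the context lines can be checked against that branch's reassembly.c.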

I can't take a random, white-space damaged patch to a stable kernel tree
without it being submitted in a format that I can apply it in at the
very least :(

Also, please always cc: stable@...r.kernel.org for stable kernel things,
the documentation:
    https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
should have explained all of this, and if not, please let us know what
needs to be improved there.

If you can resend this there, and mention the needed follow-on patches,
I will be glad to queue it up.

thanks,

greg k-h