lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 23 Apr 2019 10:25:30 -0700
From:   Peter Oskolkov <posk@...gle.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org, netdev@...r.kernel.org
Cc:     Peter Oskolkov <posk@...k.io>, David Miller <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Sasha Levin <sashal@...nel.org>,
        Captain Wiggum <captwiggum@...il.com>,
        Lars Persson <lists@...h.nu>, Peter Oskolkov <posk@...gle.com>
Subject: [PATCH 4.19 stable v2 0/3] net: ip6 defrag: backport fixes

Lars Persson <lists@...h.nu> reported that a label was unused in
the 4.14 version of this patchset, and the issue was present in
the 4.19 patchset as well, so I'm sending a v2 that fixes it.

The original 4.19 patchset queued for stable is OK, and
can be used as is, but this v2 is a bit better: it fixes the
unused label issue and handles overlapping fragments better.

Sorry for the mess/v2.

=======================

Currently, 4.19 and earlier stable kernels contain a security fix
that is not fully IPv6 standard compliant.

This patchset backports IPv6 defrag fixes from 5.1rc that restore
standard-compliance.

Original 5.1 patchet: https://patchwork.ozlabs.org/cover/1029418/

v2 changes: handle overlapping fragments the way it is done upstream


Peter Oskolkov (3):
  net: IP defrag: encapsulate rbtree defrag code into callable functions
  net: IP6 defrag: use rbtrees for IPv6 defrag
  net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c

 include/net/inet_frag.h                 |  16 +-
 include/net/ipv6_frag.h                 |  11 +-
 net/ipv4/inet_fragment.c                | 293 +++++++++++++++++++++++
 net/ipv4/ip_fragment.c                  | 302 +++---------------------
 net/ipv6/netfilter/nf_conntrack_reasm.c | 260 ++++++--------------
 net/ipv6/reassembly.c                   | 240 ++++++-------------
 6 files changed, 488 insertions(+), 634 deletions(-)

-- 
2.21.0.593.g511ec345e18-goog

Powered by blists - more mailing lists