| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190626115855.13241-4-nikolay@cumulusnetworks.com>
Date: Wed, 26 Jun 2019 14:58:53 +0300
From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
To: netdev@...r.kernel.org
Cc: roopa@...ulusnetworks.com, pablo@...filter.org,
xiyou.wangcong@...il.com, davem@...emloft.net, jiri@...nulli.us,
jhs@...atatu.com, eyal.birger@...il.com,
Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
Subject: [PATCH net-next 3/5] net: sched: em_ipt: restrict matching to the respective protocol
Currently a match will continue even if the user-specified nfproto
doesn't match the packet's, so restrict it only to when they're equal or
the protocol is unspecified.
Signed-off-by: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
---
net/sched/em_ipt.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/sched/em_ipt.c b/net/sched/em_ipt.c
index 23965a071177..d4257f5f1d94 100644
--- a/net/sched/em_ipt.c
+++ b/net/sched/em_ipt.c
@@ -187,11 +187,17 @@ static int em_ipt_match(struct sk_buff *skb, struct tcf_ematch *em,
switch (tc_skb_protocol(skb)) {
case htons(ETH_P_IP):
+ if (im->match->family != NFPROTO_UNSPEC &&
+ im->match->family != NFPROTO_IPV4)
+ return 0;
if (!pskb_network_may_pull(skb, sizeof(struct iphdr)))
return 0;
state.pf = NFPROTO_IPV4;
break;
case htons(ETH_P_IPV6):
+ if (im->match->family != NFPROTO_UNSPEC &&
+ im->match->family != NFPROTO_IPV6)
+ return 0;
if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))
return 0;
state.pf = NFPROTO_IPV6;
--
2.20.1
Powered by blists - more mailing lists