| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Jul 2019 18:29:17 -0600 From: David Ahern <dsahern@...il.com> To: Cong Wang <xiyou.wangcong@...il.com>, netdev@...r.kernel.org Cc: Julian Anastasov <ja@....bg> Subject: Re: [Patch net] fib: relax source validation check for loopback packets On 7/13/19 4:42 PM, David Ahern wrote: > On 7/12/19 2:17 PM, Cong Wang wrote: >> diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c >> index 317339cd7f03..8662a44a28f9 100644 >> --- a/net/ipv4/fib_frontend.c >> +++ b/net/ipv4/fib_frontend.c >> @@ -388,6 +388,12 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, >> fib_combine_itag(itag, &res); >> >> dev_match = fib_info_nh_uses_dev(res.fi, dev); >> + /* This is rare, loopback packets retain skb_dst so normally they >> + * would not even hit this slow path. >> + */ >> + dev_match = dev_match || (res.type == RTN_LOCAL && >> + dev == net->loopback_dev && > > The dev should not be needed. res.type == RTN_LOCAL should be enough, no? > nevermind, I see why you have the dev check.
Powered by blists - more mailing lists