| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191008202025.3e5d749b@hermes.lan>
Date: Tue, 8 Oct 2019 20:20:25 -0700
From: Stephen Hemminger <stephen@...workplumber.org>
To: Andrea Claudi <aclaudi@...hat.com>
Cc: netdev@...r.kernel.org, dsahern@...il.com
Subject: Re: [PATCH iproute2] tc: fix segmentation fault on gact action
On Tue, 1 Oct 2019 12:32:17 +0200
Andrea Claudi <aclaudi@...hat.com> wrote:
> tc segfaults if gact action is used without action or index:
>
> $ ip link add type dummy
> $ tc actions add action pipe index 1
> $ tc filter add dev dummy0 parent ffff: protocol ip \
> pref 10 u32 match ip src 127.0.0.2 flowid 1:10 action gact
> Segmentation fault
>
> We expect tc to fail gracefully with an error message.
>
> This happens if gact is the last argument of the incomplete
> command. In this case the "gact" action is parsed, the macro
> NEXT_ARG_FWD() is executed and the next matches() crashes
> because of null argv pointer.
>
> To avoid this, simply use NEXT_ARG() instead.
>
> With this change in place:
>
> $ ip link add type dummy
> $ tc actions add action pipe index 1
> $ tc filter add dev dummy0 parent ffff: protocol ip \
> pref 10 u32 match ip src 127.0.0.2 flowid 1:10 action gact
> Command line is not complete. Try option "help"
>
> Fixes: fa4958897314 ("tc: Fix binding of gact action by index.")
> Reported-by: Davide Caratti <dcaratti@...hat.com>
> Signed-off-by: Andrea Claudi <aclaudi@...hat.com>
Thanks, applied
Powered by blists - more mailing lists