lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Dec 2019 11:20:57 -0500 From: Willem de Bruijn <willemdebruijn.kernel@...il.com> To: Tom Herbert <tom@...bertland.com> Cc: David Miller <davem@...emloft.net>, Network Development <netdev@...r.kernel.org>, simon.horman@...ronome.com, Tom Herbert <tom@...ntonium.net> Subject: Re: [PATCH v6 net-next 1/9] ipeh: Fix destopts and hopopts counters on drop On Fri, Dec 20, 2019 at 6:39 PM Tom Herbert <tom@...bertland.com> wrote: > > From: Tom Herbert <tom@...ntonium.net> > > For destopts, bump IPSTATS_MIB_INHDRERRORS when limit of length > of extension header is exceeded. > > For hop-by-hop options, bump IPSTATS_MIB_INHDRERRORS in same > situations as for when destopts are dropped. > > Signed-off-by: Tom Herbert <tom@...bertland.com> > --- > net/ipv6/exthdrs.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c > index ab5add0..f605e4e 100644 > --- a/net/ipv6/exthdrs.c > +++ b/net/ipv6/exthdrs.c > @@ -288,9 +288,9 @@ static int ipv6_destopt_rcv(struct sk_buff *skb) > if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) || > !pskb_may_pull(skb, (skb_transport_offset(skb) + > ((skb_transport_header(skb)[1] + 1) << 3)))) { > +fail_and_free: > __IP6_INC_STATS(dev_net(dst->dev), idev, > IPSTATS_MIB_INHDRERRORS); > -fail_and_free: > kfree_skb(skb); > return -1; > } > @@ -820,8 +820,10 @@ static const struct tlvtype_proc tlvprochopopt_lst[] = { > > int ipv6_parse_hopopts(struct sk_buff *skb) > { > + struct inet6_dev *idev = __in6_dev_get(skb->dev); > struct inet6_skb_parm *opt = IP6CB(skb); > struct net *net = dev_net(skb->dev); > + struct dst_entry *dst = skb_dst(skb); > int extlen; > > /* > @@ -834,6 +836,8 @@ int ipv6_parse_hopopts(struct sk_buff *skb) > !pskb_may_pull(skb, (sizeof(struct ipv6hdr) + > ((skb_transport_header(skb)[1] + 1) << 3)))) { > fail_and_free: > + __IP6_INC_STATS(dev_net(dst->dev), idev, > + IPSTATS_MIB_INHDRERRORS); ip6_rcv_core, the only caller of ipv6_parse_hopopts, checks skb_valid_dst(skb) before deref. Does this need the same?
Powered by blists - more mailing lists