Date: Mon, 06 Jan 2020 12:51:21 +0900 From: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> To: David Ahern <dsahern@...il.com> Cc: Casey Schaufler <casey@...aufler-ca.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: commit b9ef5513c99b breaks ping to ipv6 linklocal addresses on debian buster Hello David, Thank you for reporting. Will you confirm that this patch fixes your problem? ---------------------------------------- >From 06a61125a79139941cdebee3a24b0b4bed576742 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> Date: Mon, 6 Jan 2020 12:46:49 +0900 Subject: [PATCH] smack: Don't reject IPv6's bind() when socket family is invalid David Ahern has reported that commit b9ef5513c99bf9c8 ("smack: Check address length before reading address family") breaks ping program in Debian Buster because that version of ping program is by error using AF_UNSPEC instead of AF_INET6 when calling connect(). Since rawv6_bind() will fail with -EINVAL and __inet6_bind() from inet6_bind() will fail with -EAFNOSUPPORT if sin6_family != AF_INET6, smack_socket_bind() can return 0 rather than -EINVAL. Reported-by: David Ahern <dsahern@...il.com> Bisected-by: David Ahern <dsahern@...il.com> Fixes: b9ef5513c99bf9c8 ("smack: Check address length before reading address family") Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> Cc: stable@...r.kernel.org --- security/smack/smack_lsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ecea41ce919b..5b2177724d5e 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2810,7 +2810,7 @@ static int smack_socket_bind(struct socket *sock, struct sockaddr *address, if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { if (addrlen < SIN6_LEN_RFC2133 || address->sa_family != AF_INET6) - return -EINVAL; + return 0; smk_ipv6_port_label(sock, address); } return 0; -- 2.16.6
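Review bot: in smack_socket_bind(), the new "return 0;" covers both halves of the condition "addrlen < SIN6_LEN_RFC2133 || address->sa_family != AF_INET6", but the commit message only justifies the family mismatch (rawv6_bind() and __inet6_bind() reject sin6_family != AF_INET6). Please either state which later check rejects a too-short addrlen, or split the condition so the length case keeps returning -EINVAL and only the family mismatch falls through. A one-line comment above the return saying the hook defers rejection to the protocol's bind handler and skips smk_ipv6_port_label() would stop a later reader from treating the 0 as a mistake. The commit message also describes ping misusing AF_UNSPEC "when calling connect()", while the subject and the hunk concern bind(); it would help to say which call actually reaches this hook.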