Date:   Sat, 11 Jan 2020 10:38:23 -0700
From:   David Ahern <dsahern@...il.com>
To:     Hangbin Liu <liuhangbin@...il.com>
Cc:     netdev@...r.kernel.org,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        "David S . Miller" <davem@...emloft.net>
Subject: Re: [PATCH net] net/route: remove ip route rtm_src_len, rtm_dst_len
 valid check

On 1/10/20 6:18 PM, Hangbin Liu wrote:
> On Fri, Jan 10, 2020 at 02:48:03PM -0700, David Ahern wrote:
>> On 1/10/20 1:24 AM, Hangbin Liu wrote:
>>> In patch set e266afa9c7af ("Merge branch
>>> 'net-use-strict-checks-in-doit-handlers'") we added a check for
>>> rtm_src_len, rtm_dst_len, which will cause cmds like
>>> "ip route get 192.0.2.0/24" to fail.
>>
>> The kernel does not handle route gets for a range. Any output is specific to
>> the prefix (192.0.2.0 in your example) so it seems to me the /24 request
>> should fail.
>>
> 
> OK, so we should check all the range fields if NETLINK_F_STRICT_CHK is supplied,
> like the following patch, right?

A dst_len / src_len of 32 (or 128 for v6) is OK. It still means only the
prefix is used for the route get. That's why it was coded this way as
part of the change for stricter checking.
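
The length rule described in the message above, as an added userspace C sketch (not kernel code and not part of the original thread). The struct and function names are hypothetical, the requests in main() are constructed, and treating a length of 0 as "unset" is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>   /* AF_INET, AF_INET6 */

/* Hypothetical stand-in for the three struct rtmsg fields the check reads. */
struct getroute_req {
    unsigned char family;   /* rtm_family */
    unsigned char dst_len;  /* rtm_dst_len */
    unsigned char src_len;  /* rtm_src_len */
};

/* Full-length (host) prefix for the family, or -1 if unsupported. */
static int host_prefix_len(unsigned char family)
{
    switch (family) {
    case AF_INET:  return 32;
    case AF_INET6: return 128;
    default:       return -1;
    }
}

/* Accept 0 (assumed: unset) or the full host length; reject any range. */
int strict_getroute_len_check(const struct getroute_req *req)
{
    int full = host_prefix_len(req->family);

    if (full < 0)
        return -EAFNOSUPPORT;
    if (req->dst_len && req->dst_len != full)
        return -EINVAL;   /* e.g. "ip route get 192.0.2.0/24" */
    if (req->src_len && req->src_len != full)
        return -EINVAL;
    return 0;
}

int main(void)
{
    /* Constructed sample requests: /24 range, /32 host, v6 /128, v6 /64. */
    struct getroute_req samples[] = {
        { AF_INET, 24, 0 }, { AF_INET, 32, 0 },
        { AF_INET6, 128, 128 }, { AF_INET6, 64, 0 },
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("family=%d dst_len=%d src_len=%d -> %d\n", samples[i].family,
               samples[i].dst_len, samples[i].src_len,
               strict_getroute_len_check(&samples[i]));
    return 0;
}
```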
