lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Feb 2020 11:13:55 -0800 (PST) From: David Miller <davem@...emloft.net> To: nikolay@...ulusnetworks.com Cc: netdev@...r.kernel.org, roopa@...ulusnetworks.com, bridge@...ts.linux-foundation.org Subject: Re: [PATCH net v2] net: bridge: fix stale eth hdr pointer in br_dev_xmit From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com> Date: Mon, 24 Feb 2020 18:46:22 +0200 > In br_dev_xmit() we perform vlan filtering in br_allowed_ingress() but > if the packet has the vlan header inside (e.g. bridge with disabled > tx-vlan-offload) then the vlan filtering code will use skb_vlan_untag() > to extract the vid before filtering which in turn calls pskb_may_pull() > and we may end up with a stale eth pointer. Moreover the cached eth header > pointer will generally be wrong after that operation. Remove the eth header > caching and just use eth_hdr() directly, the compiler does the right thing > and calculates it only once so we don't lose anything. > > Fixes: 057658cb33fb ("bridge: suppress arp pkts on BR_NEIGH_SUPPRESS ports") > Signed-off-by: Nikolay Aleksandrov <nikolay@...ulusnetworks.com> > --- > v2: remove syzbot's reported-by tag, this seems to be a different bug Applied and queued up for -stable, thanks Nikolay.
Powered by blists - more mailing lists