lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20201227163331.GB27369@linux.home>
Date:   Sun, 27 Dec 2020 17:33:31 +0100
From:   Guillaume Nault <gnault@...hat.com>
To:     Taehee Yoo <ap420073@...il.com>
Cc:     davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org,
        martin.varghese@...ia.com
Subject: Re: [PATCH net 2/2] bareudp: Fix use of incorrect min_headroom size

On Sat, Dec 26, 2020 at 05:13:08PM +0000, Taehee Yoo wrote:
> In the bareudp6_xmit_skb(), it calculates min_headroom.
> At that point, it uses struct iphdr, but it's not correct.
> So panic could occur.
> The struct ipv6hdr should be used.
> 
> Test commands:
>     ip netns add A
>     ip netns add B
>     ip link add veth0 type veth peer name veth1
>     ip link set veth0 netns A

Missing "ip link set veth1 netns B", so the reproducer unfortunately
doesn't work.

BTW, you can also simplify the script by creating the veth devices
directly in the right netns:
  ip link add name veth0 netns A type veth peer name veth1 netns B

Apart from that,
Acked-by: Guillaume Nault <gnault@...hat.com>

And thanks a lot for the reproducers!

>     ip netns exec A ip link set veth0 up
>     ip netns exec A ip a a 2001:db8:0::1/64 dev veth0
>     ip netns exec B ip link set veth1 up
>     ip netns exec B ip a a 2001:db8:0::2/64 dev veth1
> 
>     for i in {10..1}
>     do
>             let A=$i-1
>             ip netns exec A ip link add bareudp$i type bareudp dstport $i \
> 		    ethertype 0x86dd
>             ip netns exec A ip link set bareudp$i up
>             ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev bareudp$i
>             ip netns exec A ip -6 r a 2001:db8:$i::2 encap ip6 src \
> 		    2001:db8:$A::1 dst 2001:db8:$A::2 via 2001:db8:$i::2 \
> 		    dev bareudp$i
> 
>             ip netns exec B ip link add bareudp$i type bareudp dstport $i \
> 		    ethertype 0x86dd
>             ip netns exec B ip link set bareudp$i up
>             ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev bareudp$i
>             ip netns exec B ip -6 r a 2001:db8:$i::1 encap ip6 src \
> 		    2001:db8:$A::2 dst 2001:db8:$A::1 via 2001:db8:$i::1 \
> 		    dev bareudp$i
>     done
>     ip netns exec A ping 2001:db8:7::2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ