lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <f4ac5b02-3821-787c-6da9-50aa44d2847b@gmail.com>
Date:   Fri, 19 Feb 2021 16:32:32 +0100
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Lorenz Bauer <lmb@...udflare.com>,
        Eric Dumazet <eric.dumazet@...il.com>
Cc:     Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...nel.org>,
        Andrii Nakryiko <andrii@...nel.org>, bpf <bpf@...r.kernel.org>,
        Networking <netdev@...r.kernel.org>,
        kernel-team <kernel-team@...udflare.com>
Subject: Re: [PATCH bpf-next v2 1/4] net: add SO_NETNS_COOKIE socket option



On 2/19/21 1:23 PM, Lorenz Bauer wrote:
> On Fri, 19 Feb 2021 at 11:49, Eric Dumazet <eric.dumazet@...il.com> wrote:
>>
>>> +     case SO_NETNS_COOKIE:
>>> +             lv = sizeof(u64);
>>> +             if (len < lv)
>>> +                     return -EINVAL;
>>
>>         if (len != lv)
>>                 return -EINVAL;
>>
>> (There is no reason to support bigger value before at least hundred years)
> 
> Sorry that was copy pasta from SO_COOKIE which uses the same check. I'll
> change it to your suggestion. Want me to fix SO_COOKIE as well?

Unfortunately it is too late for SO_COOKIE

Some applications might use len = 256, and just look at what the kernel
gives back.

Better be strict at the time a feature is added, instead of having
to maintain legacy stuff.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ