| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210623150723.489b7f6d@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date: Wed, 23 Jun 2021 15:07:23 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: "David S . Miller" <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>,
Eric Dumazet <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>,
Tom Herbert <tom@...bertland.com>
Subject: Re: [PATCH net] ipv6: fix out-of-bound access in ip6_parse_tlv()
On Wed, 23 Jun 2021 12:43:53 -0700 Eric Dumazet wrote:
> From: Eric Dumazet <edumazet@...gle.com>
>
> First problem is that optlen is fetched without checking
> there is more than one byte to parse.
>
> Fix this by taking care of IPV6_TLV_PAD1 before
> fetching optlen (under appropriate sanity checks against len)
>
> Second problem is that IPV6_TLV_PADN checks of zero
> padding are performed before the check of remaining length.
>
> Fixes: c1412fce7ecc ("net/ipv6/exthdrs.c: Strict PadN option checking")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Cc: Paolo Abeni <pabeni@...hat.com>
> Cc: Tom Herbert <tom@...bertland.com>
> ---
>
> Only compiled, I would appreciate a solid review of this patch before merging it, thanks !
Reviewed-by: Jakub Kicinski <kuba@...nel.org>
for what that's worth
Powered by blists - more mailing lists