lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 02 Aug 2021 11:00:59 +0200
From:   Jakub Sitnicki <jakub@...udflare.com>
To:     Cong Wang <xiyou.wangcong@...il.com>
Cc:     netdev@...r.kernel.org, bpf@...r.kernel.org,
        jiang.wang@...edance.com, Cong Wang <cong.wang@...edance.com>,
        John Fastabend <john.fastabend@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Lorenz Bauer <lmb@...udflare.com>
Subject: Re: [Patch bpf-next] unix_bpf: check socket type in
 unix_bpf_update_proto()

On Sat, Jul 31, 2021 at 09:50 PM CEST, Cong Wang wrote:
> From: Cong Wang <cong.wang@...edance.com>
>
> As of now, only AF_UNIX datagram socket supports sockmap.
> But unix_proto is shared for all kinds of AF_UNIX sockets,
> so we have to check the socket type in
> unix_bpf_update_proto() to explicitly reject other types,
> otherwise they could be added into sockmap too.
>
> Fixes: c63829182c37 ("af_unix: Implement ->psock_update_sk_prot()")
> Reported-by: Jakub Sitnicki <jakub@...udflare.com>
> Cc: John Fastabend <john.fastabend@...il.com>
> Cc: Daniel Borkmann <daniel@...earbox.net>
> Cc: Lorenz Bauer <lmb@...udflare.com>
> Signed-off-by: Cong Wang <cong.wang@...edance.com>
> ---
>  net/unix/unix_bpf.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/net/unix/unix_bpf.c b/net/unix/unix_bpf.c
> index 177e883f451e..20f53575b5c9 100644
> --- a/net/unix/unix_bpf.c
> +++ b/net/unix/unix_bpf.c
> @@ -105,6 +105,9 @@ static void unix_bpf_check_needs_rebuild(struct proto *ops)
>  
>  int unix_bpf_update_proto(struct sock *sk, struct sk_psock *psock, bool restore)
>  {
> +	if (sk->sk_type != SOCK_DGRAM)
> +		return -EOPNOTSUPP;
> +
>  	if (restore) {
>  		sk->sk_write_space = psock->saved_write_space;
>  		WRITE_ONCE(sk->sk_prot, psock->sk_proto);

Acked-by: Jakub Sitnicki <jakub@...udflare.com>

Powered by blists - more mailing lists