Date:   Thu, 30 Sep 2021 12:30:05 +0000
From:   "Cufi, Carles" <Carles.Cufi@...dicsemi.no>
To:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:     "jukka.rissanen@...ux.intel.com" <jukka.rissanen@...ux.intel.com>,
        "johan.hedberg@...el.com" <johan.hedberg@...el.com>,
        "Lubos, Robert" <Robert.Lubos@...dicsemi.no>,
        "Bursztyka, Tomasz" <tomasz.bursztyka@...el.com>
Subject: Non-packed structures in IP headers

Hi all,

I was looking through the structures for IPv{4,6} packet headers and noticed that several of those that seem to be used to parse a packet directly from the wire are not declared as packed. This surprised me because, although I did find that provisions are made so that the alignment of the structure, it is still technically possible for the compiler to inject padding bytes inside those structures, since AFAIK the C standard makes no guarantees about padding unless it's instructed to pack the structure.

To better show what I mean, here's a rough patch to ensure that the compiler doesn't break the on-wire format by inserting padding in between structure members:

diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 3a025c011971..62d0b83257e3 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -452,6 +452,8 @@ static struct sk_buff *ip_rcv_core(struct sk_buff *skb, struct net *net)
                goto out;
        }

+       BUILD_BUG_ON(sizeof(struct iphdr) != 20);
+
        if (!pskb_may_pull(skb, sizeof(struct iphdr)))
                goto inhdr_error;

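Review bot: the BUILD_BUG_ON(sizeof(struct iphdr) != 20) added just before pskb_may_pull() lives inside ip_rcv_core(), so the layout is only asserted where this one receive path is compiled, and nobody reading the structure definition will see it. Consider placing the check next to the declaration of struct iphdr (a static_assert works at file scope), and replace the bare 20 with a named constant or a comment stating that it is the fixed IPv4 header length without options.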
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 80256717868e..32beb8b9e3d4 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -181,6 +181,8 @@ static struct sk_buff *ip6_rcv_core(struct sk_buff *skb, struct net_device *dev,
         */
        IP6CB(skb)->iif = skb_valid_dst(skb) ? ip6_dst_idev(skb_dst(skb))->dev->ifindex : dev->ifindex;

+       BUILD_BUG_ON(sizeof(struct ipv6hdr) != 40);
+
        if (unlikely(!pskb_may_pull(skb, sizeof(*hdr))))
                goto err;

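Review bot: the added assertion names struct ipv6hdr while the pskb_may_pull() directly below it uses sizeof(*hdr); use the same expression in both, for example BUILD_BUG_ON(sizeof(*hdr) != 40), so the check cannot drift from the length that is actually pulled. The bare 40 deserves a comment that it is the fixed IPv6 header length, and note that this check only fails the build if padding appears; it does not pack the structure.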
Thanks,

Carles
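An added illustration of the layout concern raised in this message (not part of the original post and not kernel code): a user-space sketch of compile-time layout checks for a wire-format header, next to a structure where the compiler does insert padding. The names `wire_ipv4`, `misaligned_hdr`, `parse_ipv4`, `sample_ttl` and the sample packet are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical IPv4-style fixed header for illustration; NOT the kernel's struct iphdr. */
struct wire_ipv4 {
    uint8_t  ver_ihl;   /* version (high nibble), header length (low nibble) */
    uint8_t  tos;
    uint16_t tot_len;
    uint16_t id;
    uint16_t frag_off;
    uint8_t  ttl;
    uint8_t  protocol;
    uint16_t check;
    uint32_t saddr;
    uint32_t daddr;
};

/* Members sum to 20 bytes, so sizeof == 20 proves there is no padding at all. */
_Static_assert(sizeof(struct wire_ipv4) == 20, "padding inside wire_ipv4");
_Static_assert(offsetof(struct wire_ipv4, ttl) == 8, "ttl moved");
_Static_assert(offsetof(struct wire_ipv4, saddr) == 12, "saddr moved");

/* Hypothetical counter-example: 6 bytes on the wire, but not naturally aligned. */
struct misaligned_hdr { uint8_t type; uint32_t value; uint8_t flags; };

/* Padding bytes the compiler added to misaligned_hdr on this ABI. */
size_t misaligned_padding(void) { return sizeof(struct misaligned_hdr) - 6; }

/* Copy a header out of a received buffer only after checking the length. */
int parse_ipv4(const uint8_t *buf, size_t len, struct wire_ipv4 *out)
{
    if (len < sizeof(*out))
        return -1;                    /* truncated packet */
    memcpy(out, buf, sizeof(*out));   /* no alignment assumption on buf */
    return (out->ver_ihl >> 4) == 4 ? 0 : -1;
}

/* Constructed sample (checksum left zero): v4, IHL 5, TTL 64, proto 6, 192.0.2.1 -> 192.0.2.2 */
static const uint8_t sample_pkt[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00, 0x00,
    0x40, 0x06, 0x00, 0x00, 192, 0, 2, 1, 192, 0, 2, 2,
};

/* Returns the TTL parsed from the first len bytes of the sample, or -1 on rejection. */
int sample_ttl(size_t len)
{
    struct wire_ipv4 h;
    return parse_ipv4(sample_pkt, len, &h) == 0 ? h.ttl : -1;
}
```

Because every member of `wire_ipv4` is naturally aligned, the size assertion holds without a packed attribute; `misaligned_hdr` shows the case where a wire-format overlay would silently read the wrong bytes.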
