lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <dbde2a45-a7dd-0e8a-d04c-233f69631885@workingcode.com>
Date:   Wed, 5 Jan 2022 10:30:09 -0500
From:   James Carlson <carlsonj@...kingcode.com>
To:     Guillaume Nault <gnault@...hat.com>,
        Eric Dumazet <eric.dumazet@...il.com>
Cc:     "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        netdev <netdev@...r.kernel.org>,
        Eric Dumazet <edumazet@...gle.com>,
        Paul Mackerras <paulus@...ba.org>, linux-ppp@...r.kernel.org,
        syzbot <syzkaller@...glegroups.com>
Subject: Re: [PATCH net] ppp: ensure minimum packet size in ppp_write()

On 1/5/22 08:19, Guillaume Nault wrote:
> On Wed, Jan 05, 2022 at 03:48:42AM -0800, Eric Dumazet wrote:
>> From: Eric Dumazet <edumazet@...gle.com>
>>
>> It seems pretty clear ppp layer assumed user space
>> would always be kind to provide enough data
>> in their write() to a ppp device.
>>
>> This patch makes sure user provides at least
>> 2 bytes.
>>
>> It adds PPP_PROTO_LEN macro that could replace
>> in net-next many occurrences of hard-coded 2 value.
> 
> The PPP header can be compressed to only 1 byte, but since 2 bytes is
> assumed in several parts of the code, rejecting such packets in
> ppp_xmit() is probably the best we can do.

The only ones that can be compressed are those less than 0x0100, which
are (intentionally) all network layer protocols.  We should be getting
only control protocol messages though the user-space interface, not
network layer, so I'd say it's not just the best we can do, but indeed
the right thing to do by design.

-- 
James Carlson         42.703N 71.076W         <carlsonj@...kingcode.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ