| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Jan 2022 10:30:09 -0500
From: James Carlson <carlsonj@...kingcode.com>
To: Guillaume Nault <gnault@...hat.com>,
Eric Dumazet <eric.dumazet@...il.com>
Cc: "David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
netdev <netdev@...r.kernel.org>,
Eric Dumazet <edumazet@...gle.com>,
Paul Mackerras <paulus@...ba.org>, linux-ppp@...r.kernel.org,
syzbot <syzkaller@...glegroups.com>
Subject: Re: [PATCH net] ppp: ensure minimum packet size in ppp_write()
On 1/5/22 08:19, Guillaume Nault wrote:
> On Wed, Jan 05, 2022 at 03:48:42AM -0800, Eric Dumazet wrote:
>> From: Eric Dumazet <edumazet@...gle.com>
>>
>> It seems pretty clear ppp layer assumed user space
>> would always be kind to provide enough data
>> in their write() to a ppp device.
>>
>> This patch makes sure user provides at least
>> 2 bytes.
>>
>> It adds PPP_PROTO_LEN macro that could replace
>> in net-next many occurrences of hard-coded 2 value.
>
> The PPP header can be compressed to only 1 byte, but since 2 bytes is
> assumed in several parts of the code, rejecting such packets in
> ppp_xmit() is probably the best we can do.
The only ones that can be compressed are those less than 0x0100, which
are (intentionally) all network layer protocols. We should be getting
only control protocol messages though the user-space interface, not
network layer, so I'd say it's not just the best we can do, but indeed
the right thing to do by design.
--
James Carlson 42.703N 71.076W <carlsonj@...kingcode.com>
Powered by blists - more mailing lists