lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 7 Apr 2022 18:10:49 +0200
From:   Nicolas Dichtel <nicolas.dichtel@...nd.com>
To:     Eric Dumazet <edumazet@...gle.com>,
        kongweibin <kongweibin2@...wei.com>
Cc:     David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Willem de Bruijn <willemb@...gle.com>,
        Pavel Begunkov <asml.silence@...il.com>,
        David Ahern <dsahern@...nel.org>,
        Vasily Averin <vvs@...tuozzo.com>,
        Martin KaFai Lau <kafai@...com>,
        LKML <linux-kernel@...r.kernel.org>,
        netdev <netdev@...r.kernel.org>, rose.chen@...wei.com,
        liaichun@...wei.com
Subject: Re: [PATCH] ipv6:fix crash when idev is NULL


Le 07/04/2022 à 16:08, Eric Dumazet a écrit :
[snip]
> 
> And CC patch author for feedback.
Thanks Eric.

> 
> In this case I suspect:
> 
> commit ccd27f05ae7b8ebc40af5b004e94517a919aa862
> Author: Nicolas Dichtel <nicolas.dichtel@...nd.com>
> Date:   Tue Jul 6 11:13:35 2021 +0200
> 
>     ipv6: fix 'disable_policy' for fwd packets
I agree.

> 
> 
> 
>> ---
>>  net/ipv6/ip6_output.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
>> index 54cabf1c2..347b5600d 100644
>> --- a/net/ipv6/ip6_output.c
>> +++ b/net/ipv6/ip6_output.c
>> @@ -495,6 +495,9 @@ int ip6_forward(struct sk_buff *skb)
>>         u32 mtu;
>>
>>         idev = __in6_dev_get_safely(dev_get_by_index_rcu(net, IP6CB(skb)->iif));
>> +       if (!idev)
>> +               goto drop;
>> +
>>         if (net->ipv6.devconf_all->forwarding == 0)
>>                 goto error;

Dropping packet in this case may introduce another regression, because there was
no drop before commit ccd27f05ae7b ("ipv6: fix 'disable_policy' for fwd packets").

Maybe something like this:
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -485,7 +485,7 @@ int ip6_forward(struct sk_buff *skb)
                goto drop;

        if (!net->ipv6.devconf_all->disable_policy &&
-           !idev->cnf.disable_policy &&
+           (!idev || !idev->cnf.disable_policy) &&
            !xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
                __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
                goto drop;

I could submit it formally tomorrow.


Regards,
Nicolas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ