lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 25 Jun 2022 16:26:51 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Maciej Żenczykowski <maze@...gle.com>
Cc:     patchwork-bot+netdevbpf@...nel.org, stable@...r.kernel.org,
        Riccardo Paolo Bestetti <pbl@...tov.io>,
        Carlos Llamas <cmllamas@...gle.com>,
        "David S. Miller" <davem@...emloft.net>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>, kernel-team@...roid.com,
        Kernel hackers <linux-kernel@...r.kernel.org>,
        Linux NetDev <netdev@...r.kernel.org>,
        Miaohe Lin <linmiaohe@...wei.com>
Subject: Re: [PATCH v2] ipv4: ping: fix bind address validity check

On Thu, Jun 23, 2022 at 11:18:21AM -0700, Maciej Żenczykowski wrote:
> On Mon, Jun 20, 2022 at 3:11 AM Greg KH <gregkh@...uxfoundation.org> wrote:
> > On Fri, Jun 17, 2022 at 04:45:52PM -0700, Maciej Żenczykowski wrote:
> > > On Fri, Jun 17, 2022 at 4:30 AM <patchwork-bot+netdevbpf@...nel.org> wrote:
> > > >
> > > > Hello:
> > > >
> > > > This patch was applied to netdev/net.git (master)
> > > > by David S. Miller <davem@...emloft.net>:
> > > >
> > > > On Fri, 17 Jun 2022 10:54:35 +0200 you wrote:
> > > > > Commit 8ff978b8b222 ("ipv4/raw: support binding to nonlocal addresses")
> > > > > introduced a helper function to fold duplicated validity checks of bind
> > > > > addresses into inet_addr_valid_or_nonlocal(). However, this caused an
> > > > > unintended regression in ping_check_bind_addr(), which previously would
> > > > > reject binding to multicast and broadcast addresses, but now these are
> > > > > both incorrectly allowed as reported in [1].
> > > > >
> > > > > [...]
> > > >
> > > > Here is the summary with links:
> > > >   - [v2] ipv4: ping: fix bind address validity check
> > > >     https://git.kernel.org/netdev/net/c/b4a028c4d031
> > > >
> > > > You are awesome, thank you!
> > > > --
> > > > Deet-doot-dot, I am a bot.
> > > > https://korg.docs.kernel.org/patchwork/pwbot.html
> > >
> > > I believe this [
> > > https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b4a028c4d031
> > > ] needs to end up in 5.17+ LTS (though I guess 5.17 is eol, so
> > > probably just 5.18)
> >
> > 5.17 is end-of-life, sorry.
> >
> > And this needs to hit Linus's tree first.
> 
> It now has:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/ipv4/ping.c
> 
> ipv4: ping: fix bind address validity check
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/ping.c?id=b4a028c4d031c27704ad73b1195ca69a1206941e

Great, now queued up, thanks.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ