lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 19 Aug 2022 07:21:54 +0200
From:   Mattias Forsblad <mattias.forsblad@...il.com>
To:     Andrew Lunn <andrew@...n.ch>
Cc:     netdev@...r.kernel.org, Vivien Didelot <vivien.didelot@...il.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vladimir Oltean <olteanv@...il.com>,
        "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>
Subject: Re: [RFC net-next PATCH 1/3] dsa: Add ability to handle RMU frames.

On 2022-08-18 14:44, Andrew Lunn wrote:
>> +static int dsa_inband_rcv_ll(struct sk_buff *skb, struct net_device *dev)
>> +{
>> +	int source_device, source_port;
>> +	struct dsa_switch *ds;
>> +	u8 *dsa_header;
>> +	int rcv_seqno;
>> +	int ret = 0;
>> +
>> +	if (!dev || !dev->dsa_ptr)
>> +		return 0;
>> +
>> +	ds = dev->dsa_ptr->ds;
>> +
>> +	dsa_header = skb->data - 2;
>> +
>> +	source_device = dsa_header[0] & 0x1f;
>> +	source_port = (dsa_header[1] >> 3) & 0x1f;
>> +	ds = dsa_switch_find(ds->dst->index, source_device);
> 
> You should never trust anything you receive from the network. Always
> validate it. ds could be a NULL pointer here, if source_device is
> bad. source_port could also be invalid. Hum, source port is not
> actually used?
> 
Agree, will fix. I think source_port is a remnant from an earlier
version, I will fix it. 

> We send RMU frames with a specific destination MAC address. Can we
> validate the destination address for frames we receive.
>

Yes, I'll add that.
 
>> +
>> +	/* Get rcv seqno */
>> +	rcv_seqno = dsa_header[3];
>> +
>> +	skb_pull(skb, DSA_HLEN);
>> +
>> +	if (ds->ops && ds->ops->inband_receive(ds, skb, rcv_seqno))
>> +		netdev_err(dev, "DSA inband: error decoding packet");
> 
> rate limit this print, so as to avoid the possibility of a DoS.
> 
>      Andrew

Ofc, will fix. Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ