| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Apr 2023 09:55:25 -0600
From: David Ahern <dsahern@...nel.org>
To: Stephen Hemminger <stephen@...workplumber.org>,
netdev@...r.kernel.org
Cc: bluca@...ian.org, Robin <imer@...r.cc>
Subject: Re: [PATCH iproute2] iptunnel: detect protocol mismatch on tunnel
change
On 4/10/23 5:35 PM, Stephen Hemminger wrote:
> diff --git a/ip/iptunnel.c b/ip/iptunnel.c
> index 02c3670b469d..b6da145913d6 100644
> --- a/ip/iptunnel.c
> +++ b/ip/iptunnel.c
> @@ -17,6 +17,7 @@
> #include <net/if_arp.h>
> #include <linux/ip.h>
> #include <linux/if_tunnel.h>
> +#include <linux/ip6_tunnel.h>
>
> #include "rt_names.h"
> #include "utils.h"
> @@ -172,11 +173,20 @@ static int parse_args(int argc, char **argv, int cmd, struct ip_tunnel_parm *p)
> if (get_ifname(p->name, *argv))
> invarg("\"name\" not a valid ifname", *argv);
> if (cmd == SIOCCHGTUNNEL && count == 0) {
> - struct ip_tunnel_parm old_p = {};
> + union {
> + struct ip_tunnel_parm ip_tnl;
> + struct ip6_tnl_parm2 ip6_tnl;
> + } old_p = {};'
That addresses the stack smashing, but ....
>
> if (tnl_get_ioctl(*argv, &old_p))
> return -1;
> - *p = old_p;
> +
> + if (old_p.ip_tnl.iph.version != 4 ||
> + old_p.ip_tnl.iph.ihl != 5)
this field overlays laddr in ip6_tnl_parm2 which means there is a
collision in valid addresses.
> + invarg("\"name\" is not an ip tunnel",
> + *argv);
> +
> + *p = old_p.ip_tnl;
> }
> }
> count++;
Powered by blists - more mailing lists