lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK-6q+g+Uzt5YYYGSPzDmjeg_gWJpqmEpnhqZdjyFvABkBB9fA@mail.gmail.com> Date: Wed, 17 May 2023 21:53:10 -0400 From: Alexander Aring <aahringo@...hat.com> To: Eric Dumazet <edumazet@...gle.com> Cc: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Alexander Aring <alex.aring@...il.com>, David Lebrun <david.lebrun@...ouvain.be>, netdev@...r.kernel.org, eric.dumazet@...il.com Subject: Re: [PATCH net 0/3] ipv6: exthdrs: fix three SRH issues Hi, On Wed, May 17, 2023 at 5:31 PM Eric Dumazet <edumazet@...gle.com> wrote: > > While looking at a related CVE, I found three problems worth fixing > in ipv6_rpl_srh_rcv() and ipv6_srh_rcv(). thanks, for looking into it. I got some reproducers for the CVE (I hope we are talking about the same one), I believe it has something to do with what Jakub already pointed out. It's about IPV6_RPL_SRH_WORST_SWAP_SIZE [0] is not correct, if the last address in the segment address array is completely different than all other segment addresses the source header will grow a lot, about (number of segment addresses * sizeof(struct in6_addr)). Maybe there can be more intelligent ways to find the right number here... however I tried to change it without success to fix the problem. :-/ - Alex [0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/exthdrs.c?h=v6.4-rc2#n572
Powered by blists - more mailing lists