lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAK-6q+g+Uzt5YYYGSPzDmjeg_gWJpqmEpnhqZdjyFvABkBB9fA@mail.gmail.com>
Date: Wed, 17 May 2023 21:53:10 -0400
From: Alexander Aring <aahringo@...hat.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, 
	Paolo Abeni <pabeni@...hat.com>, Alexander Aring <alex.aring@...il.com>, 
	David Lebrun <david.lebrun@...ouvain.be>, netdev@...r.kernel.org, eric.dumazet@...il.com
Subject: Re: [PATCH net 0/3] ipv6: exthdrs: fix three SRH issues

Hi,

On Wed, May 17, 2023 at 5:31 PM Eric Dumazet <edumazet@...gle.com> wrote:
>
> While looking at a related CVE, I found three problems worth fixing
> in ipv6_rpl_srh_rcv() and ipv6_srh_rcv().

thanks, for looking into it. I got some reproducers for the CVE (I
hope we are talking about the same one), I believe it has something to
do with what Jakub already pointed out. It's about
IPV6_RPL_SRH_WORST_SWAP_SIZE [0] is not correct, if the last address
in the segment address array is completely different than all other
segment addresses the source header will grow a lot, about (number of
segment addresses * sizeof(struct in6_addr)). Maybe there can be more
intelligent ways to find the right number here... however I tried to
change it without success to fix the problem. :-/

- Alex

[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/exthdrs.c?h=v6.4-rc2#n572


Powered by blists - more mailing lists