| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89iJB0k7+QSqgLwLuKqxBObLdzXfS14UNvi_jSNo_a5nQLg@mail.gmail.com> Date: Sun, 21 May 2023 19:05:35 +0200 From: Eric Dumazet <edumazet@...gle.com> To: Alexander Aring <aahringo@...hat.com> Cc: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Alexander Aring <alex.aring@...il.com>, David Lebrun <david.lebrun@...ouvain.be>, netdev@...r.kernel.org, eric.dumazet@...il.com Subject: Re: [PATCH net 0/3] ipv6: exthdrs: fix three SRH issues On Thu, May 18, 2023 at 3:53 AM Alexander Aring <aahringo@...hat.com> wrote: > > Hi, > > On Wed, May 17, 2023 at 5:31 PM Eric Dumazet <edumazet@...gle.com> wrote: > > > > While looking at a related CVE, I found three problems worth fixing > > in ipv6_rpl_srh_rcv() and ipv6_srh_rcv(). > > thanks, for looking into it. I got some reproducers for the CVE (I > hope we are talking about the same one), I believe it has something to > do with what Jakub already pointed out. It's about > IPV6_RPL_SRH_WORST_SWAP_SIZE [0] is not correct, if the last address > in the segment address array is completely different than all other > segment addresses the source header will grow a lot, about (number of > segment addresses * sizeof(struct in6_addr)). Maybe there can be more > intelligent ways to find the right number here... however I tried to > change it without success to fix the problem. :-/ Hmmm... this patch series fixes other generic issues. I have not claimed to solve this CVE yet.
Powered by blists - more mailing lists