| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231016203255.GB10271@breakpoint.cc>
Date: Mon, 16 Oct 2023 22:32:55 +0200
From: Florian Westphal <fw@...len.de>
To: Phil Sutter <phil@....cc>
Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
netfilter-devel@...r.kernel.org,
Pablo Neira Ayuso <pablo@...filter.org>
Subject: Re: [net-next PATCH] net: skb_find_text: Ignore patterns extending
past 'to'
Phil Sutter <phil@....cc> wrote:
> Assume that caller's 'to' offset really represents an upper boundary for
> the pattern search, so patterns extending past this offset are to be
> rejected.
>
> The old behaviour also was kind of inconsistent when it comes to
> fragmentation (or otherwise non-linear skbs): If the pattern started in
> between 'to' and 'from' offsets but extended to the next fragment, it
> was not found if 'to' offset was still within the current fragment.
>
> Test the new behaviour in a kselftest using iptables' string match.
>
> Suggested-by: Pablo Neira Ayuso <pablo@...filter.org>
> Fixes: f72b948dcbb85 ("[NET]: skb_find_text ignores to argument")
FYI, checkpatch complains about the fixes tag.
> diff --git a/tools/testing/selftests/netfilter/xt_string.sh b/tools/testing/selftests/netfilter/xt_string.sh
> new file mode 100755
> index 0000000000000..1802653a47287
> --- /dev/null
> +++ b/tools/testing/selftests/netfilter/xt_string.sh
Thanks for the test case. Is there a reason why its not hooked
up to the kselftest makefile?
I think it should be.
Powered by blists - more mailing lists