| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41cd3168-c63e-4b6b-9085-07dfe95e48da@redhat.com>
Date: Thu, 1 Aug 2024 11:43:54 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: Maciej Żenczykowski <zenczykowski@...il.com>
Cc: Linux Network Development Mailing List <netdev@...r.kernel.org>,
"David S . Miller" <davem@...emloft.net>, Eric Dumazet
<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Jen Linkova <furry@...gle.com>, Lorenzo Colitti <lorenzo@...gle.com>,
Patrick Rohr <prohr@...gle.com>, David Ahern <dsahern@...nel.org>,
YOSHIFUJI Hideaki / 吉藤英明
<yoshfuji@...ux-ipv6.org>
Subject: Re: [PATCH net v2] ipv6: fix ndisc_is_useropt() handling for PIO
On 7/30/24 02:27, Maciej Żenczykowski wrote:
> On Mon, Jul 29, 2024 at 5:17 PM Maciej Żenczykowski <maze@...gle.com> wrote:
>>
>> The current logic only works if the PIO is between two
>> other ND user options. This fixes it so that the PIO
>> can also be either before or after other ND user options
>> (for example the first or last option in the RA).
>>
>> side note: there's actually Android tests verifying
>> a portion of the old broken behaviour, so:
>> https://android-review.googlesource.com/c/kernel/tests/+/3196704
>> fixes those up.
>>
>> Cc: Jen Linkova <furry@...gle.com>
>> Cc: Lorenzo Colitti <lorenzo@...gle.com>
>> Cc: Patrick Rohr <prohr@...gle.com>
>> Cc: David Ahern <dsahern@...nel.org>
>> Cc: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@...ux-ipv6.org>
>> Cc: Jakub Kicinski <kuba@...nel.org>
>> Signed-off-by: Maciej Żenczykowski <maze@...gle.com>
>> Fixes: 048c796beb6e ("ipv6: adjust ndisc_is_useropt() to also return true for PIO")
>> ---
>> net/ipv6/ndisc.c | 34 ++++++++++++++++++----------------
>> 1 file changed, 18 insertions(+), 16 deletions(-)
>>
>> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
>> index 70a0b2ad6bd7..b8eec1b6cc2c 100644
>> --- a/net/ipv6/ndisc.c
>> +++ b/net/ipv6/ndisc.c
>> @@ -227,6 +227,7 @@ struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
>> return NULL;
>> memset(ndopts, 0, sizeof(*ndopts));
>> while (opt_len) {
>> + bool unknown = false;
>> int l;
>> if (opt_len < sizeof(struct nd_opt_hdr))
>> return NULL;
>> @@ -262,22 +263,23 @@ struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
>> break;
>> #endif
>> default:
>> - if (ndisc_is_useropt(dev, nd_opt)) {
>> - ndopts->nd_useropts_end = nd_opt;
>> - if (!ndopts->nd_useropts)
>> - ndopts->nd_useropts = nd_opt;
>> - } else {
>> - /*
>> - * Unknown options must be silently ignored,
>> - * to accommodate future extension to the
>> - * protocol.
>> - */
>> - ND_PRINTK(2, notice,
>> - "%s: ignored unsupported option; type=%d, len=%d\n",
>> - __func__,
>> - nd_opt->nd_opt_type,
>> - nd_opt->nd_opt_len);
>> - }
>> + unknown = true;
>> + }
>> + if (ndisc_is_useropt(dev, nd_opt)) {
>> + ndopts->nd_useropts_end = nd_opt;
>> + if (!ndopts->nd_useropts)
>> + ndopts->nd_useropts = nd_opt;
>> + } else if (unknown) {
>> + /*
>> + * Unknown options must be silently ignored,
>> + * to accommodate future extension to the
>> + * protocol.
>> + */
>> + ND_PRINTK(2, notice,
>> + "%s: ignored unsupported option; type=%d, len=%d\n",
>> + __func__,
>> + nd_opt->nd_opt_type,
>> + nd_opt->nd_opt_len);
>> }
>> next_opt:
>> opt_len -= l;
>> --
>> 2.46.0.rc1.232.g9752f9e123-goog
>>
>
> The diff on this second version is significantly bigger (although it's
> just unindenting a block), but perhaps this is better as it is much
> harder to screw things up.
Makes sense to me.
It would be great if you could follow-up with a self-test covering this.
Thanks,
Paolo
Powered by blists - more mailing lists