lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zy3/TmyK7imjT348@debian>
Date: Fri, 8 Nov 2024 13:08:46 +0100
From: Guillaume Nault <gnault@...hat.com>
To: Emanuele Santini <emanuele.santini.88@...il.com>
Cc: netdev@...r.kernel.org, yoshfuji@...ux-ipv6.org, friedrich@...age.de,
	kuba@...nel.org, davem@...emloft.net, pabeni@...hat.com,
	dsahern@...nel.org
Subject: Re: [PATCH] net: ipv6: fix the address length for net_device on a
 GRE tunnel

On Fri, Nov 08, 2024 at 10:25:55AM +0100, Emanuele Santini wrote:
> While GRE tunneling does not require
> a hardware address, a random Ethernet address is still assigned to
> the 'net_device'.

That's really surprising and not what I can see on my system. Are you
really talking about ip6gre (and not ip6gretap)?

> Therefore, the correct 'addr_len' value should be
> the size of an Ethernet address (6 bytes), not the size of an IPv6
> address.

Ethernet address length only makes sense for ip6gretap. This doesn't
seem like a valid justification for ip6gre.

> This fix sets 'addr_len' to the appropriate value, ensuring
> consistency in the net_device setup for IPv6 GRE tunnels.
> 
> Bug: Setting addr_len to the size of an IPv6 network address (16 bytes)
> can cause a packet socket with SOCK_DGRAM to fail on 'sendto' calls.
> This happens due to a check in 'packet_snd' for SOCK_DGRAM types,
> which validates the address length.
> 
> This bug was introduced in kernel version 4.20.0 and is still present in the current version.
> 
> Steps to reproduce:
> 
>   ip -6 tunnel add <dev_name> mode ip6gre remote <remote_addr> local <local_addr> ttl 255
>   ip link set dev <dev_name> up
>   busybox udhcpc -i <dev_name> -n -f
>   -> It returns Invalid Argument.
> 
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=202147
> Reported-by: Friedrich Oslage <friedrich@...age.de>
> Signed-off-by: Emanuele Santini <emanuele.santini.88@...il.com>
> ---
>  net/ipv6/ip6_gre.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
> index 235808cfec70..db7679b04a02 100644
> --- a/net/ipv6/ip6_gre.c
> +++ b/net/ipv6/ip6_gre.c
> @@ -1455,7 +1455,7 @@ static void ip6gre_tunnel_setup(struct net_device *dev)
>  	dev->type = ARPHRD_IP6GRE;
>  
>  	dev->flags |= IFF_NOARP;
> -	dev->addr_len = sizeof(struct in6_addr);
> +	dev->addr_len = ETH_ALEN;

I guess it should be "dev->addr_len = 0" instead. We have no "hardware"
address.

>  	netif_keep_dst(dev);
>  	/* This perm addr will be used as interface identifier by IPv6 */
>  	dev->addr_assign_type = NET_ADDR_RANDOM;
> -- 
> 2.46.0
> 
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ