| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <84b6bdceff61d495661dcf3500fd4bf19cf4e7be.camel@codeconstruct.com.au> Date: Wed, 07 May 2025 09:24:29 +0800 From: Matt Johnston <matt@...econstruct.com.au> To: Jakub Kicinski <kuba@...nel.org> Cc: Jeremy Kerr <jk@...econstruct.com.au>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, netdev@...r.kernel.org, syzbot+e76d52dadc089b9d197f@...kaller.appspotmail.com, syzbot+1065a199625a388fce60@...kaller.appspotmail.com Subject: Re: [PATCH net] net: mctp: Don't access ifa_index when missing On Tue, 2025-05-06 at 18:06 -0700, Jakub Kicinski wrote: > On Mon, 05 May 2025 17:05:12 +0800 Matt Johnston wrote: > > + /* Userspace programs providing AF_MCTP must be expecting ifa_index filter > > + * behaviour, as will those setting strict_check. > > + */ > > + if (hdr->ifa_family == AF_MCTP || cb->strict_check) > > + ifindex = hdr->ifa_index; > > The use of cb->strict_check is a bit strange here. I could be wrong but > I though cb->strict_check should only impact validation. Not be used > for changing behavior. It was following behaviour of inet_dump_addr()/inet6_dump_addr() where filtering is applied if strict check is set. I don't have strong opinion whether strict_check makes sense for MCTP though - it depends on whether userspace expects strict_check to apply to all families, or just inet4/inet6. > If you have a reason to believe all user space passes a valid header - > how about we just return an error if message is too short? > IPv4 and IPv6 seem to return an error if message is short and > cb->strict_check, so they are more strict. MCTP doesn't have a ton of > legacy user space, we don't have to be lenient at all. My intuition > would be to always act like IP acts under cb->strict_check The problem is that programs will pass ifa_family=AF_UNSPEC with a short header, no strict_checkĀ (eg busybox "ip addr show"). An AF_UNSPEC request will reach mctp_dump_addrinfo(), so we don't want that returning an error. Maybe mctp_dump_addrinfo() should ignore AF_UNSPEC requests entirely, and only populate a response when ifa_family=AF_MCTP. That would be OK for the existing mctp userspace programsĀ I know about, though there may be other users that are calling with AF_UNSPEC but filteringĀ userspace-side for AF_MCTP addresses. Matt
Powered by blists - more mailing lists