| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <eca4d35dc5aa150547317f805633abc70ae994ca.camel@codeconstruct.com.au>
Date: Wed, 07 May 2025 11:48:28 +0800
From: Matt Johnston <matt@...econstruct.com.au>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Jeremy Kerr <jk@...econstruct.com.au>, "David S. Miller"
<davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni
<pabeni@...hat.com>, Simon Horman <horms@...nel.org>,
netdev@...r.kernel.org,
syzbot+e76d52dadc089b9d197f@...kaller.appspotmail.com,
syzbot+1065a199625a388fce60@...kaller.appspotmail.com
Subject: Re: [PATCH net] net: mctp: Don't access ifa_index when missing
On Tue, 2025-05-06 at 19:20 -0700, Jakub Kicinski wrote:
> On Wed, 07 May 2025 10:13:19 +0800 Matt Johnston wrote:
> > > I see your point. And existing user space may expect filtering
> > > even if !cb->strict_check but family is set to AF_MCTP?
> >
> > Yes, given mctp_dump_addrinfo() has always applied a filter, mctp-specific
> > programs likely expect that behaviour.
>
> Okay, so would this make all known user space happy?
>
> if (!msg short) {
> ifindex = ifm->ifa_index
> } else {
> if (cb->strict_check)
> return error
> }
I think that would work well. Some old non-mctp programs might send a full
header but garbage ifa_index (the original reason for strict_check), but that
would just filter out some interfaces which should be OK - that userspace
wouldn't be handling AF_MCTP responses anyway. I'll give it some testing and
get a v2. Thanks for the review.
I'll have a look at nlmsg_payload() for later.
Cheers,
Matt
Powered by blists - more mailing lists