lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CANn89iJNZshgBXSRUAZeQMK3xt+MT7KqBO5qCZvjqHQe8kyWiA@mail.gmail.com>
Date: Mon, 12 Jan 2026 21:27:44 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: Kuniyuki Iwashima <kuniyu@...gle.com>
Cc: "David S . Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, 
	Kuniyuki Iwashima <kuni1840@...il.com>, netdev@...r.kernel.org, 
	syzbot+4d8c7d16b0e95c0d0f0d@...kaller.appspotmail.com
Subject: Re: [PATCH v1 net 1/2] gue: Fix skb memleak with inner IP protocol 0.

On Mon, Jan 12, 2026 at 9:07 PM Kuniyuki Iwashima <kuniyu@...gle.com> wrote:
>
> syzbot reported skb memleak below. [0]
>
> The repro generated a GUE packet with its inner protocol 0.
>
> gue_udp_recv() returns -guehdr->proto_ctype for "resubmit"
> in ip_protocol_deliver_rcu(), but this only works with
> non-zero protocol number.
>
> Let's drop such packets.
>
> Note that 0 is a valid number (IPv6 Hop-by-Hop Option).
>
> I think it is not practical to encap HOPOPT in GUE, so once
> someone starts to complain, we could pass down a resubmit
> flag pointer to distinguish two zeros from the upper layer:
>
>   * no error
>   * resubmit HOPOPT

Reviewed-by: Eric Dumazet <edumazet@...gle.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ